Dataworxs has designed Audioworxs Audio Management System to provide secure access to information. The following explains how Audioworxs' features relate to the health industry's HIPAA requirements.
The Audioworxs Audio Management System by Dataworxs Systems Limited
has a number of security features that protect against unauthorized access
to potentially sensitive health information. This document describes the
security features as they relate to Security and Electronic Signature
Standards of the U.S. Health Insurance Portability and Accountability
Act of 1996 (HIPAA). Dataworxs continues to enhance its products to ensure
secure and confidential access to information.
Technical Security Services to Guard Data Integrity, Confidentiality, and Availability
- Role-Based Access Control – Audioworxs provides a mechanism
for roles to be assigned to each user thereby restricting access to
various components of the system and thus restricting the user’s ability
to access information. Further, the role of administrator is subdivided
into three different access levels, each of which provides unique restrictions
on data access.
- User-Based Access Control – All users of the Audioworxs
system are assigned a unique user ID with an optional password.
- Contingency Plans – Audioworxs provides utilities
for the automated backup of its databases and for the archival of completed
audio files. A contingency plan should also make use of the facility’s
regular network backup tools and procedures to ensure that current audio
is backed up on a regular basis.
- Entity Authentication – Access to critical Audioworxs
components is protected by user IDs and (optionally) by a password
(PIN).
- Data Authentication – Once a document has been signed,
the digital signature provides the corroboration that data has not been
altered or destroyed in an unauthorized manner.
Technical Security Mechanisms to Guard Against Unauthorized Access to Data That is Transmitted Over a Communications Network
- Encryption – Audioworxs uses 128-bit key
encryption to encrypt documents (audio and text) during transmission over
open or private networks. The encryption key is dynamically created on a
per-connection basis using rules known to the client and server
components. The key is not transmitted.
- Audit Trail – An event is logged each time
a Job’s audio is accessed by an author or transcriptionist/editor. This
includes creation, listen-only access, and transcription/editing.
- Entity Authentication – Client applications first
require that a user “log in” to the system by providing a valid user
number and optionally a password (PIN). Unless a login attempt is
successful, the user is not permitted to perform any action or access any
data.
- Event Reporting – All failed login attempts are logged for later
review, as are all important events associated with the creation, distribution,
transcription, and deletion of a job.
Electronic Signature
Dataworxs uses the industry-standard MD5 Message-Digest algorithm to digitally
“sign” electronic documents. The signature is based on the document data
and the user’s ID. Once signed, an audio document cannot be modified.
The signature can be used to authenticate data in terms of the signer
and content.
Administrative Procedures to Guard Data Integrity, Confidentiality, and Availability
Audioworxs allows only users assigned the role of administrator and granted
“Full Control” privileges to add, modify, or delete users from the system.
Further, group-based administrators can be created who are allowed the
privilege of adding, modifying, and deleting users in their assigned group(s)
but not in others.
Audioworxs provides the ability to create, modify, and remove users from
the system. In the event of an employee’s termination or position change,
the user’s record (account) can be disabled, assigned a new password, or
removed from the system.