How we handle HIPAA and HITECH

At Dr. Rounds®, HIPAA/HITECH compliance is our number one priority. The safety and security of your patients' data is our job.

When we built Dr. Rounds®, our goal from the start was to design a system that is HIPAA compliant, both in how it operates day to day and in how it secures and encrypts data.

Our architect and developers have a long history of developing secure products for the Department of Defense, where security and secrecy are mission-critical. They applied all of the experience gained building those systems to Dr. Rounds®.

Rest assured, Dr. Rounds® was the dream of a doctor, but it was built by world-class experts in developing secure software.

Policies in depth

Role-Based Access

Each user role within Dr. Rounds® for your group has a different level of access to information. Access control is enforced for every user at both the application level and the database level, so a check bypassed in one layer is still caught by the other. To protect against intrusion, the application code repeats these security checks at multiple points rather than relying on a single gate.

Encryption

All data within Dr. Rounds® is encrypted. Data sent from the Dr. Rounds® App on your phone travels over an SSL/TLS connection using AES-256 encryption. Our load balancers forward the still-encrypted connection to the Web Servers, which decrypt it; the data is not decrypted in the load balancers. All connections between the Web Servers and the Database are encrypted. The database keeps all stored data encrypted, as are its backups, and all media uploaded to our servers is stored with AES-256 encryption.

If we have it, if we touch it, it is encrypted.

Data Security

All the encryption in the world is worthless without data security. We at Dr. Rounds use Amazon Web Services. We highly recommend reading AWS's information on the security of their platform, both physical and implementation-wise, at http://aws.amazon.com/security/. Amazon has extensive experience and more certifications than we can list to back up the security claims for their data centers.

Along with that, we use extensive logging, private cloud servers (dedicated instances), firewall policies, and backup policies, all to ensure data integrity and patient safety.

Confidentiality

Your data is your data. You own it. We do not share your information with any third parties. Your data is partitioned so that it is viewable by you alone.

Access Control

All users within Dr. Rounds® have unique identifiers. Your passwords are stored in hashed form, not plain text, meaning the original password cannot simply be "reverse engineered" from what we store. If you forget your password, simply request a new one and a temporary password will be issued to your email address.
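To show what "stored in hashed form" means in practice, here is an added example of how a password store hashes and verifies passwords and issues a temporary one. It is illustrative code written for this page, not the Dr. Rounds® implementation; the choice of PBKDF2-HMAC-SHA256, the iteration count, the salt length and the stored-record layout are all assumptions. The point it demonstrates is that the stored value cannot be turned back into the password, that two users with the same password get different stored values because each gets its own random salt, and that verification compares in constant time.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Illustrative parameters (assumed for this example, not the product's values).
ITERATIONS = 600_000   # PBKDF2 work factor: slows down offline guessing
SALT_BYTES = 16        # per-password random salt
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex.

    Only this record is stored; the password itself never is. The random
    salt means identical passwords produce different records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time.

    Malformed or unknown-algorithm records are rejected rather than raising,
    so a corrupted row cannot crash the login path.
    """
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iterations)
    except ValueError:
        return False
    if algo != ALGO or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations)
    # compare_digest avoids leaking which byte differed via timing
    return hmac.compare_digest(candidate, expected)


def issue_temporary_password(length: int = 16) -> str:
    """Generate a random temporary password with a CSPRNG.

    The alphabet omits look-alike characters (0/O, 1/l/I) so the value can be
    read back from an email without confusion. This is an assumed policy.
    """
    alphabet = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789"
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed sample: two users who happen to choose the same password.
    record_a = hash_password("Winter2024!")
    record_b = hash_password("Winter2024!")
    print("records differ:", record_a != record_b)          # True (different salts)
    print("correct password:", verify_password("Winter2024!", record_a))  # True
    print("wrong password:", verify_password("winter2024!", record_a))    # False
    print("temporary password:", issue_temporary_password())
```

A password reset should store a hash of the temporary password in the same way and force a change on first use; the example only covers generating it.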

Your login is enforced every time you use the Dr. Rounds® App: every request the App makes carries your login credentials and is checked on the server. If your login fails, for whatever reason, the App automatically wipes its data from your device, protecting patient information.

Automatic Log Off

The Web App automatically logs users off. This protects your patient information if you are inactive in the Web App for a period of time.

Information Policies

Dr. Rounds® and its staff handle your patients' health information with confidentiality, privacy, and respect. We ask that you follow your provider's policy on communicating sensitive information within their practice.

Data Integrity and Backups

For continuity of service, Dr. Rounds® employs a backup strategy that backs up the data, encrypts it, and stores the encrypted backups in several secure locations. In a worst-case scenario, we can restore data in a very short amount of time.

We log access to the App extensively so that we can verify your data is accessed only as intended.

Business Associates

Any organization that uses Dr. Rounds® must sign a Business Associate Agreement (BAA) with us before using our software.