Cogon Systems, LLC. views security as the most important aspect of the MOMENT OF CARE® Information System. To protect patient information and to remain HIPAA-compliant as data flows throughout the system, the MOMENT OF CARE® Information System implements the following security measures:
Access Controls: All access to patient data requires user authentication. Additionally, mobile clients can be configured to employ a "3 strike" logon policy at the application level, erasing all data on the mobile device with three failed logon attempts.
Cryptography: All mobile databases are encrypted using unique keys for each database, all passwords are hashed, and all data synchronizations and web browser sessions between server and clients is secured using 128-bit secure socket layer (SSL) connections.
Secure Remote Access: Support is provided using IKE/IPSec VPN policies, employing AES-256 encryption and Diffie-Hellman key exchanges.
Auditing: All access to patient records is logged to support audit requirements.
SECURITY FEATURES:
Unique user names and secure passwords must be entered when accessing patient data.
Proprietary security auditing mechanism provides for a comprehensive audit trail of patient record access history.
Alert, Broadcast, and User to User messaging is secure and fully HIPAA compliant.
MOMENT OF CARE® information system relies on the institution's security mechanisms for internal data transfer.
External connections to MOMENT OF CARE® Information System, if allowed, use a 128 bit encrypted Secure Socket Layer technology, which exceeds HIPAA requirements. Data is delivered to handheld/PDA devices through secure/encrypted connections. Data stored on the handheld device is protected through a combination of access control mechanisms (username/password) and encrypted storage.
Access Controls: All access to patient data requires user authentication. Additionally, mobile clients can be configured to employ a "3 strike" logon policy at the application level, erasing all data on the mobile device with three failed logon attempts.
Cryptography: All mobile databases are encrypted using unique keys for each database, all passwords are hashed, and all data synchronizations and web browser sessions between server and clients is secured using 128-bit secure socket layer (SSL) connections.
Secure Remote Access: Support is provided using IKE/IPSec VPN policies, employing AES-256 encryption and Diffie-Hellman key exchanges.
Auditing: All access to patient records is logged to support audit requirements.
SECURITY FEATURES:
Unique user names and secure passwords must be entered when accessing patient data.Proprietary security auditing mechanism provides for a comprehensive audit trail of patient record access history.Alert, Broadcast, and User to User messaging is secure and fully HIPAA compliant.MOMENT OF CARE® information system relies on the institution's security mechanisms for internal data transfer.External connections to MOMENT OF CARE® Information System, if allowed, use a 128 bit encrypted Secure Socket Layer technology, which exceeds HIPAA requirements. Data is delivered to handheld/PDA devices through secure/encrypted connections. Data stored on the handheld device is protected through a combination of access control mechanisms (username/password) and encrypted storage.