Integrated Health Informatics is committed to keeping your and your patients' personal and healthcare-related information private. In a world where privacy is constantly being eroded, it is our goal to not in any way risk yours.
What we Handle
Cookies are small files a web server sends to a web client that store small bits of information. These files are sent back to the web server to assist in remembering with which client the server was communicating.
The following are the cookies we use and how we use them:
- session_id: We give you a session ID when you log in so we know who we are talking to for future requests. This ID is secret, specific to you each time you log in, and should not be shared with anyone.
- _ga: Google Analytics identifier to let us know how many visits occur on various pages throughout the system.
- _gat: Google Analytics signal used to throttle how many analytics entries are logged.
Health Insurance Portability and Accountability Act (HIPAA) Protected Health Information (PHI)
HIPAA defines what PHI is. Below is a comprehensive list of PHI fields. We store only the bold fields below. All storage is encrypted:
- Geographic Identifiers more specific than a State, except zip codes: If the first 3 digits of a zip code identify fewer than 20,000 people, the first three digits must be replaced with 000.
- Any months or days associated directly with a patient. Years can be stored so long as the patient is younger than 89 years of age. -- The patient's entire birth date and dates for labs and other patient-specific details are encrypted and stored for processing and analysis.
- Telephone Numbers
- Fax Numbers
- Electronic Mail Addresses
- Social Security Numbers
- Medical Record Numbers
- Health Plan Beneficiary Numbers
- Account Numbers
- Certificate/License Numbers
- Vehicle Identification Numbers
- Device Identifiers and Serial Numbers
- Web Universal Resource Locators (URLs)
- Internet Protocol (IP) Address Numbers
- Biometric Identifiers
- Full-Face Photographic Images
- Any Other Unique Identifier except for a random ID generated to uniquely identify the subject in the system.
Personally Identifying Information (PII)
As with HIPAA PHI, we will not store the following information, in the interest of keeping your and your patients' privacy a priority. Below is a list of many common PII fields. Only the ones in bold are stored. All storage is encrypted:
- Full Name if not common
- Home Address
- Email Address -- The practitioner's email address is stored and encrypted to be used for account identification, password recovery, and other administrative communication.
- National Identification Number
- Passport Number
- IP Address
- Vehicle Registration/Plate Number
- Driver's License Number
- Face, Fingerprints, or Handwriting
- Credit Card Numbers
- Digital Identity
- Date of Birth
- Genetic Information
- Telephone Number
- Login Name, Screen Name, Nickname, or Handle -- Your login name is your email address, which is encrypted and stored.
But What about...?
- Credit Card Numbers: These are encrypted within your web browser, inside the credit card processing library of a trusted payment processor (stripe.com), over a secure, 256-bit encrypted connection. We never, in any way, see your credit card information.
- IP Addresses: The IP address of a session is logged, but is not tied to a session ID, thereby making it impossible to tell which client session originated from which IP address.