For applications where our system would be used in a clinical setting, compliance and security are major concerns for most of our customers. We have included some information below regarding our ability to meet and overcome compliance challenges.
It is our interpretation that HIPAA rules do “not assume the task of certifying software and off-the-shelf products” (p. 8352 of the Final Security Rule), nor do they set criteria for or accredit independent agencies that do HIPAA certifications. To us this means no video software vendor can claim “full compliance or certification” to these acts. However, some of our client organizations do view the video assets recorded by the VALT solution as PHI or EHR. As such, we have created features, functions, security and permissions to meet the challenges our clients face, and we work hand in hand with their technology staff to ensure our solution is implemented and architected to meet compliance goals.
The HIPAA Privacy Rule, Security Rule and ensuing HITECH Act do cite security features such as password encryption, security and permission levels, audit trails and in-transit/at-rest data encryption. The VALT solution has built features around each one of those concerns, as detailed below with the corresponding diagram. However, true compliance is really a facility concept, and while we have taken the steps to help your staff protect the data on our system, the remainder of the operational procedures, network architecture and user protocols required are outside the scope of our system.
Intelligent Video Solutions is also willing to review and sign any Business Associate (BA) or Non-Disclosure documentation that may be required.
The VALT solution can integrate with LDAP so no user passwords are stored on our system. If passwords are created and stored on the VALT system, they are encrypted in the VALT database. All client access to log into our browser-based solution can be done over SSL encrypted ports.
VALT system administrators have granular access over every single feature, video stream, recorded video asset and data on our system. A robust security and permission structure can be implemented to comply with any organization's procedures.
VALT logs and makes available for search and sorting by system administrators the following information. Each entry is date and time stamped:
In-Transit: All data transmitted from client to server and server to client can be encrypted using SSL encryption. All audio/video streams can be securely encrypted and transmitted from server to client using RTMPS streaming/encryption.
At-Rest: This is a somewhat gray area in HIPAA, and it is up to your IT department to decide if encrypting “data at rest” is warranted through the use of easily implemented options like TDE or EFS.