WebPAX® Frequently Asked Security Questions

At Heart Imaging Technologies, LLC (HeartIT) we take the security of your data very seriously. Please review the questions and answers below, which address common concerns regarding the protection of your private information.

Is WebPAX® secure?
Yes. All HeartIT servers employ industry-standard Secure Sockets Layer (SSL) encryption technologies to ensure that all communication between your browser and our servers cannot be intercepted by a third party. This technology is essentially identical to that used for online banking and online credit card services.

Is the DICOM upload feature also secure?
Yes. All DICOM uploads also employ Secure Sockets Layer (SSL) encryption technologies.

How can the "Send Email" feature be HIPAA-compliant when email is generally recognized as not being secure?
HeartIT does not send your message body, which may contain HIPAA-protected information, to your email recipient. Rather, we send a web link pointing to your message, which can only be viewed after the email recipient logs in to WebPAX®.

What happens if I forget to log out of WebPAX®?
WebPAX® will log you out automatically after a period of inactivity determined by your system administrator. You should always log out manually, however, to prevent another person from accessing your private data before this timeout period has expired.

How does WebPAX® protect against hackers?
In addition to industry-standard defenses such as firewalls, denial-of-service attack prevention, and other measures, HeartIT servers also integrate a number of proprietary features designed to discourage and detect intrusion by unauthorized individuals. HeartIT also works with your local IT staff to minimize the risk of unauthorized system access.

Does WebPAX® require strong passwords?
Yes. If your system administrator selects the strong passwords option, all passwords must be a minimum of eight characters long, everyday dictionary words are not allowed, and passwords must contain a combination of alphabetic and numeric characters. In addition, all passwords expire with a frequency determined by your system administrator, and previous passwords cannot be reused.

Does HeartIT take steps to ensure that HIPAA-protected information cannot be inadvertently left behind in my browser's cache?
Yes. All HeartIT servers send HTTP 1.1 cache-control response headers to your browser which instruct your browser not to cache any information obtained from our secure servers. Depending on your network environment, caching of images can be optionally activated to improve performance.
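
The check below is an added example, not HeartIT code: it classifies Cache-Control response headers by whether a browser may keep a copy, and reports any response that could be stored outside a path where caching was deliberately enabled. This FAQ does not say which directives WebPAX® sends, so the example assumes `no-store` is the directive that keeps a response out of the cache; the paths and header values are constructed.

```python
# Added example: audit Cache-Control headers for responses a browser may store.
# Paths and header values below are constructed sample data.

def parse_cache_control(value):
    """Return {directive: argument-or-None} with lower-cased directive names."""
    directives = {}
    for part in (value or "").split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def storage_verdict(headers):
    """Classify a response as 'not-stored', 'stored-revalidated' or 'stored'."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control"))
    if "no-store" in cc:
        return "not-stored"          # the browser must not keep any copy
    if "no-cache" in cc and cc["no-cache"] is None:
        return "stored-revalidated"  # a copy may sit on disk; reuse needs revalidation
    return "stored"                  # private, max-age, or no header: copy may be kept

def audit(responses, cache_allowed_prefixes=()):
    """Return [(path, verdict)] for responses that may be stored and are not
    under a prefix where caching was deliberately enabled (e.g. images)."""
    allowed = tuple(cache_allowed_prefixes)
    findings = []
    for path, headers in responses:
        verdict = storage_verdict(headers)
        if verdict != "not-stored" and not path.startswith(allowed):
            findings.append((path, verdict))
    return findings

# Constructed responses: hypothetical paths, not WebPAX URLs.
SAMPLE = [
    ("/report/1", {"Cache-Control": "no-store"}),
    ("/report/2", {"Cache-Control": "no-cache, must-revalidate"}),
    ("/report/3", {"cache-control": "private, max-age=600"}),
    ("/images/4", {"Cache-Control": "private, max-age=600"}),
    ("/report/5", {}),
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE, ["/images/"]):
        print(f"{path}: {verdict}")
```

A response marked `no-cache` without `no-store` is flagged because the browser may still write it to disk and only has to revalidate before reuse.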

Will my referring physicians be able to access images from patients other than those that they have referred to me?
No. Referring physicians can only view the scans you email to them and cannot access other scans in your account.

I do not live in the United States but rather in the European Union (EU). Is HeartIT registered with the Department of Commerce in the USA for "Safe Harbor" regarding EU requirements for the protection of private electronic information?
Yes. HeartIT adheres to the US safe harbor privacy principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce's safe harbor program.