HIPAA COMPLIANT ENVIRONMENT
A qualified independent third-party auditing firm audits the Influx hosting environment. A copy of the latest audit is available to you on request.
While most Influx users store little to no ePHI, protecting all data regardless of legal requirements is the standard for Influx MD. From the hosting environment to application programming and strict employee protocols, Influx MD treats all data as ePHI for maximum security.
What is ePHI?
ePHI is individually identifiable health information transmitted electronically by a covered entity (your medical practice) or a business associate (Influx MD). To be considered ePHI the transmitted package must contain an identifier such as a patient’s name, address or telephone number as well as well as some form of health data such as medical condition, treatments, or insurance information.
Hosting and Data Protection.
Our hosting environment delivers these features:
Influx uses hardware, software, and web application firewalls.
A firewall secures the Influx application network using a set of rules that control the traffic that’s entering and exiting it.
Offsite access to the Influx servers is only available through an encrypted virtual private network or VPN.
We restrict access to the VPN to specific IP addresses and trained Influx team members.
Influx stores data in an encrypted form at offsite storage facilities as a primary disaster recovery strategy.
Data is continually backed up to ensure no data loss in the event of a failure in the central servers.
Isolated Virtual Environments.
Your CRM and lead tracking data is encrypted and stored in separate databases wholly separated from all other user data.
Encryption keys are secured and never stored with data.
Influx uses Secure sockets layer (SSL) certificates in all situations where we transmit data between servers or websites. SSL encrypts data during transmission to ensure intercepted traffic is unusable.
Business Associate Agreement (BAA)
A signed HIPAA business associate agreement is available for all Influx users who wish to show HIPAA compliance within their organization.
A BAA is a legal contract between a HIPAA covered entity (you) and business associate (us), as defined via the US Health Insurance Portability and Accountability Act of 1996.
Be aware that a BAA does not indemnify you against breaches that may occur that are your responsibility such as weak passwords, unlocked screens, or sharing accounts with multiple users. The BAA describes our role, liability and the actions we take should a breach occur.
Local User Policy
Because your medical practice has responsibilities under HIPAA, Influx provides customizable local security policies that you can match to your practice’s requirements. Local administration is available for the following security requirements.
Users are reminded of security obligations related to HIPAA compliance whenever they perform actions that may involve ePHI.
Influx MD automatically logs off users after an account is inactive for 30 minutes or more.
Set your organization's requirements for password length, numbers and special character use, change frequency, and time between password reuse.
All admin and lead events significant to account activity and security are time-stamped and identified by the user and IP address before being logged.
Events that we log include:
- Account login successes and failures
- Account manual logouts
- Account password reset requests
- Account username requests
- Agent and admin deletions
- Lead history openings, and updates.
- System setting updates by admin.