The Health Insurance Portability and Accountability Act (HIPAA) was signed into law in August 1996 and is designed to improve the effectiveness and efficiency of the U.S. healthcare system and mandates national standards in several areas. 

Among HIPAA regulations are two important provisions: 

  • Title I Cobra (portability) – designed to protect workers and families from the loss of health insurance coverage as the result of a job change or termination i.e. the Security Rule 

  • Title II Administrative Simplification (AS) – designed to simplify the administration of healthcare and to protect the privacy of individually identifiable health information i.e. the Privacy Rule

Social Solutions is compliant with all requirements of the HIPAA act signed into law in 1996. SSG is committed to maintaining the highest levels of information security. 

The guiding principles of HIPAA can be summarized in the sections below and details on how each applies to ETO are included.

Tracking Who Did What

Audit trails for demographic information, participant program history, TouchPoints, and Collections includes tracking of the following: old value, new value, date changed and user who made the changes.

User Roles and Security

ETO software utilizes user name and password functionality to prevent unauthorized application access and roles to restrict user access to components within the application. Each unique user account is assigned access to particular programs and also assigned one of nine levels of access which can be customized to allow users access to certain features. Role levels typically range from the administrator, who manages all the structural elements of the system, or program managers who have access to individual and aggregate staff and client information, to end-users who have the narrowest access. A user or a local site administrator can change/reset a password as needed. Social Solution Customer Support Center will never reset a user’s password and provide them with the password, but Support will, instruct a user how to reset their own password

Password Controls

Social Solutions recognizes the importance of maintaining secure and confidential access to client data. Toward that end, ETO software offers highly sensitive password protection and management functionality.

  • All users have a unique identifier (i.e. username)

  • Passwords can be set to have a minimum length and contain a minimum number of numeric and non-alpha-numeric characters

  • Passwords can be reset

  • Passwords can be set to expire

  • Passwords can be restricted to only be updated once per day

  • Passwords can be restricted so a user cannot use any of the previous four passwords

  • Passwords are stored encrypted

  • Passwords are not displayed upon entry

Program Security

Data housed in ETO is stored and processed separately by program. For example, users who are working on the ABC project access and process ETO data separately from users working on the XYZ project. Therefore users assigned to a program can only see data for the participants, services, or outcomes associated with that program. This protection can extend down to an optional caseload level, as needed, where one user can only see data related to participants assigned to his/her own caseload.

Email and Messaging

Internal emails that are sent within ETO require the recipient log in to ETO to read the message. These messages are maintained in history for 60 days. External emails that are sent within ETO do not contain full PII.

Backups and Uptime

Social Solutions Global, Inc. uses Amazon Web Services (AWS) hosting facilities for data protection, disaster recovery, and backup strategy. As part of this partnership, Social Solution’s clients receive the benefit of a world class managed and fully redundant data center infrastructure.

All ETO software servers are backed up nightly using Quest/Dell NetVault Backup software. For added security, the backup data is encrypted using AES-256 algorithm.

Disaster & Data Recovery

Social Solutions Global, Inc. uses Amazon Web Services (AWS) hosting facilities for data protection, disaster recovery, and backup strategy. As part of this partnership, Social Solution’s clients receive the benefit of a world class managed and fully redundant data center infrastructure.

Best Practices/Certification

AWS security certifications such as SOC1 allow us to remain compliant with your data. Standards such as AES 256, which enables encryption of data at rest, ensures no one can view your data. Amazon Virtual Private Cloud allows us to create a private facing subnet for databases and application servers, in order to have more security control around your mission critical workloads.

Redundant Infrastructure

  • 24/7/365 monitoring of up-time across the infrastructure.

  • Fully redundant internet connections.

  • Redundant Utility Feeds and power backed up by multiple UPS and power generators.

  • Objects are redundantly stored on multiple devices across multiple facilities within a region.

Backups

All ETO software servers are backed up nightly using Quest/Dell NetVault Backup software. For added security, the backup data is encrypted using AES-256 algorithm.

Schedule

Nightly full backup of all ETO Data using AES-256 encryption algorithm.

Email support@socialsolutions.com if you have additional questions.

Did this answer your question?