Protection of health records is our culture. We strive to ensure that only those on the patient’s care team with a need to know have access.
As a community data repository and an unbiased data trustee, it’s important for C3HIE to exceed expectations for data security. Hospitals and practices entrust C3HIE with their data and, therefore, must know and understand our commitment to protecting that data and maintaining the highest standards for sharing. C3HIE also has a role as a trusted agent in helping all our participants maintain secure environments and protect patient data per our BAAs.
C3HIE was the first HIE in Texas to become EHNAC certified and is currently pursuing a much more stringent certification called HITRUST. It takes everyone doing their part to make sure data is secure. Below, we will share some of the ways that we are safeguarding C3HIE technology, and we encourage everyone in the community to take the Cybersecurity Survey, even if you don’t have plans to participate with the HIE.
C3HIE’s own standards include, but are not limited to:
Data is stored in a Tier 1 data center with SOC 2 security: this means that the servers are protected by a guard and two-factor authorization to physically access our servers. Our data center requires authorized ID and a handprint to enter the server cage.
Data is stored on single-tenant, stand-alone servers: this prevents the possibility of “memory leakage” (e.g. Meltdown and Spectre) and possible hacks that can happen when data is stored in virtual servers where multiple organizations run software at the same time.
C3HIE maintains identical servers in different parts of the country, with a complete backup “failover” system in the event of a natural disaster or malicious attack. Although there could be some potential downtime, the entire system should be back up in a matter of hours. This insures your data against ransomware attacks.
Copies of all code are stored in a secure code repository, with full change control documentation and regular audits of data usage and access.
C3HIE supports single sign-on and multifactor authentication.
Data is always encrypted in transit and at rest.
C3HIE performs vulnerability testing and risk assessments on our vendor partners to help avoid issues like the Target breach, where a hacker gained access through an HVAC contractor.