eFileCabinet is a document management and storage solution for businesses that offers on-site and cloud storage, but is the service suitable for the healthcare industry? Is eFileCabinet HIPAA compliant or will using the platform be considered a violation of HIPAA Rules?
What are Document Management Systems?
Document management systems allow organizations to carefully manage electronic documents and store them securely in one location. With huge volumes of documents being created, such systems take the stress out of document management and can help HIPAA covered entities share documents containing ePHI securely and avoid HIPAA violations.
There are many document management systems on the market, but not all support HIPAA compliance, so what about eFileCabinet? Is eFileCabinet HIPAA compliant?
eFileCabinet Security and Privacy Controls
Security controls include the encryption of data in transit and at rest with 256-bit encryption. Sensitive data can be securely shared with third-parties and remote employees via the company’s SecureDrawer feature. SecureDrawer allows files to be shared without having to send documents beyond the protection of the firewall. The files remain in the eFileCabinet system and are accessed through a secure, encrypted portal.
eFileCabinet allows user and role-based permissions to be set to limit access to sensitive information as well as restrict what users and user groups can do with documents containing ePHI. Controls can be set with varying levels of user authentication, from simple passwords to voice prints and facial recognition. Users are also automatically logged off after a period of inactivity.
Automated file retention satisfies HIPAA integrity control requirements, data backups are performed, and an audit trail is maintained with records kept of user access, what users have done with documents, and whether documents have been copied or downloaded.
Will eFileCabinet Sign a BAA with HIPAA Covered Entities and their Business Associates?
Privacy and security controls are only one part of HIPAA compliance. Even with all appropriate controls in place, a document management system is not a ‘HIPAA compliant’ service unless a business associate agreement (BAA) has entered into with the service provider. By providing a BAA, the service provider is confirming they have implemented all appropriate controls to ensure data security and are aware of their responsibilities with respect to HIPAA. eFileCabinet is prepared to sign a BAA with HIPAA covered entities and their business associates.
However, it is up to the covered entity to ensure that all controls made available through eFileCabinet to support HIPAA compliance are configured correctly. Fail to set access controls appropriately, for example, and HIPAA Rules would be violated.
Is eFileCabinet HIPAA Compliant?
In our opinion, eFileCabinet has all the necessary security, access, and audit controls to ensure it can be used by healthcare organizations in a manner compliant with HIPAA Rules. eFileCabinet will also sign a business associate agreement with HIPAA covered entities and their business associates.
So, is eFileCabinet HIPAA compliant? Provided a business associate agreement has been entered into prior to the platform being used for storing or sharing ePHI, eFileCabinet can be considered a HIPAA compliant document management system.
The post Is eFileCabinet HIPAA Compliant? appeared first on HIPAA Journal.