Mobile devices used for EVV with wireless connectivity, including smartphones, tablets, and laptops, present a potential security risk regarding client information.
For this reason, the software provider you choose for your EVV platform needs to be fully security-aware and have all the necessary security protocols in place. Mobile applications use Software as a Service (SaaS) platforms that live on the provider’s cloud.
With SaaS systems, security upgrades are automatically available to all users as soon as they are implemented. Having all users on the same version of the same platform facilitates communications between workers, supervisors, and management.
Direct Care Innovations (DCI) creates business management platforms for providers and government agencies in the Medicaid, Medicare, Private Insurance and Managed Care Markets. The security measures incorporated in all of their software applications meet or exceed all industry and government standards.
When seeking a software provider, the security measures listed below are essential for a maximum security environment.
Your mobile app needs the ability to receive push notifications on software updates, potential security issues and communications from management. This level of instant communication is essential as you may have agents that do not visit the home base on a daily basis. Notifications via the app may be the only way to effectively communicate with field agents in a timely manner.
No one outside your organization should ever have access to your app, client information or any information about your scheduling or workplace. The only exception is in an audit scenario where you authorize access to the app and the information in it. This is the main purpose of any security program and any application you consider should have these controls in place.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets the standards for all healthcare providers, insurers, and any organization that deals with client information. These standards also apply to the software and tools that providers use. Many of these measures seem obvious, such as password protection, accountability, and the ability to document who had access to a record and when the record was accessed. Any application used to record client information must meet HIPAA standards.
MITA is an organization within the US Government Centers for Medicare & Medicaid Services. Their primary role is to ensure that all IT platforms and applications comply with the standards established by the US Government.
NIST is a government standards organization that establishes information technology standards on how data is collected, stored, protected and shared. These are the gold standard for security.
MECT is a government-sponsored certification organization that provides strict guidelines for information storage, handling and sharing. The “Toolkit” can be downloaded from the following link: https://www.medicaid.gov/medicaid/data-and-systems/mect/index.html. These tools were developed to assist states in planning, developing, testing and implementing their Medicaid Management Information Systems. Software applications that follow these guidelines are compliant with government security protocols.
While it is possible for multiple clients to share the same software instance, database or application server, this sharing by different parties is a basic security risk. More secure systems use platforms that are “Single Tenant”, meaning that no other parties share the database and there is no risk of data leakage.
When multiple clients share a common database, it is easier for data to be accidentally accessed by unauthorized parties. Single tenant systems are more expensive to create and maintain but the added security of this type of system is well worth the expense.
Any database has varying degrees of security, and level 2 is one of the higher levels of testing a database can be subjected to. This simply means that the system has been subjected to a variety of vulnerability tests.
This simply means that data is accessed on a need-to-know basis only. In any organization, various personnel require access to client data, and a secure system allows only those who are authorized to see certain data, based on what they need to perform their duties in caring for the individual.
This means that the system has been tested by a third party and certified as secure. This is a test of the security of the encryption of the system data, and the vulnerability of the system to outside intrusion, or “hacking.”
This is the most secure type of encryption. When data is transmitted over any network, it is vulnerable to being copied by an unauthorized party. Encryption protects against this by breaking down data into a multitude of components that cannot be read without authorized encrypting software. Encryption levels are 120, 190 and 256. Software that is at the 256 level is the most secure.
This means that the system tracks every time a record is accessed, who accessed the record, and the time. This level of accountability lets the data owner know who has accessed the files. In order for an application to be considered fully secure, full accountability is a must. This documentation is a requirement for any audit, whether internal or external, such as one by government agencies.
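The need-to-know access and access-tracking requirements described above can be illustrated together. This is an added example, not DCI's code: the role names, field names, policy and sample record are constructed, and the hash chain that makes the log tamper-evident is an added technique the article does not mention.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed policy (assumption): the record fields each role needs for its duties.
POLICY = {
    "caregiver": {"name", "address", "care_plan"},
    "scheduler": {"name", "address"},
    "billing": {"name", "medicaid_id"},
}
# Constructed sample record, not real client data.
SAMPLE = {"c-100": {"name": "Test Client", "address": "1 Example St",
                    "care_plan": "daily visit", "medicaid_id": "X000"}}

def _digest(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

class AuditedRecords:
    def __init__(self, records):
        self._records = records
        self.log = []  # append-only audit trail: who, what, when, outcome

    def read(self, user, role, record_id, fields):
        fields = set(fields)
        allowed = record_id in self._records and fields <= POLICY.get(role, set())
        entry = {
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "record": record_id,
            "fields": sorted(fields), "allowed": allowed,
            "prev": self.log[-1]["hash"] if self.log else "0" * 64,
        }
        entry["hash"] = _digest(entry)  # chain each entry to the one before it
        self.log.append(entry)          # denied attempts are logged too
        if not allowed:
            raise PermissionError(f"{role} may not read {sorted(fields)}")
        return {f: self._records[record_id][f] for f in fields}

    def verify_log(self):
        """Return True if the hash chain over the log entries is intact."""
        prev = "0" * 64
        for e in self.log:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True
```

Every read, allowed or denied, is recorded before the data is returned, so the trail shows attempted access as well as successful access.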
Direct Care Innovations (DCI) creates business management platforms for providers and government agencies in the Medicaid, Medicare, Private Insurance and Managed Care Markets.
All DCI software solutions comply with the security measures discussed in this article and this is why they are industry leaders in secure mobile applications.
DCI also offers an obligation-free analysis of your needs and offers not only software but the expertise you will need to implement the programs successfully.
You can contact DCI at http://www.dcisoftware.com/ or by calling 480-295-3307.