How secure is my info?

NeHII knows that the security and privacy of patient health records is a real concern to most consumers, and it should be. That’s why NeHII includes a safe way for patient information to be stored and shared by doctors, hospitals and insurance companies.
The NeHII system has several layers of built-in security to help protect patient information:

  • Secure access...Access to the system is controlled by a proven IBM system that is already widely used.
  • Approved users only...All access into the system is limited to approved users only. Unapproved visitors will not even be able to see the system because it is visible only to approved healthcare facilities.
  • Encrypted Data...All information shared over the system uses the same encoding methods used in secure financial transactions. This prevents others from seeing it while it is on its way from doctor to doctor.
  • Latest Technology...NeHII strives to maintain the highest level of security to meet federal standards for internet security, so patients will never have to worry about the system becoming outdated.
  • Digital Certificates...‘Digital Certificates’ by VeriSign make sure that access to the system remains secure.

NeHII Security Policy:
NeHII recognizes that consumers are concerned with the security and privacy of patient information.  Cognizant of that concern, this statement addresses the issues of integrity, confidentiality and availability as they encompass patient data and application services. In recognition of stakeholder security concerns, the mission, vision and goals of NeHII explicitly state that a secure exchange of information is absolutely essential, with the understanding that information security involves protecting the integrity and confidentiality of the data.

The HIE application is very flexible, allowing security configuration options to be tailored to the specifications of NeHII's requirements.
Access to the application is governed by IBM’s proven infrastructure for secure messaging. This authentication process screens and verifies both users and programs wishing to gain access. The process provides accountability and is the foundation for all security functions or requests.

Browser authentication is performed by the Netscape Communications SSL v3 (Secure Sockets Layer) protocol, which provides communications privacy over the internet to prevent eavesdropping, tampering and message forgery between client/server applications. The application uses the strongest encryption allowed by both domestic and international regulations.

Application access is controlled using user names and passwords encrypted with SSL and a third party digital certificate provided by VeriSign. Password strength and change rules can be enforced based on particular customer requirements. Security within the application is further controlled using roles. Numerous roles can be defined – each with a unique level of security and access permissions as defined and regulated by HIPAA guidelines.

The application provides for a matrix of access configurations which include user roles, feature regulation (e.g. VHR, eRx), establishment of patient-provider relationships which determine access to restricted PHI (Protected Health Information), and workgroup-level security configurations. Development of an acceptable security model ensures security of PHI while enabling necessary and appropriate access (availability) to data.

All network traffic is encrypted using either SSL or VPNs (Virtual Private Networks), with VPN gateways implemented to IPSec (Internet Protocol Security) standards. IPSec utilizes the most up-to-date and proven authentication procedures and encryption algorithms. In addition, all network communications going into and out of the data center pass through redundant firewalls, limiting traffic to only specific IP addresses and ports.

A usage analyzer tool allows NeHII administrators to generate HIPAA and security audits within the HIE application. These audits enable NeHII privacy and security officers to investigate patterns of usage and confirm adherence to HIPAA requirements.

NeHII Participating Providers

Currently there are over 1,400 hospitals, medical clinics, physicians, pharmacists, and various healthcare professionals participating across Nebraska.

© 2012 Nebraska Health Information Initiative. All Rights Reserved.