HIPAA compliance applies to covered entities as a whole, not to individual system components and software, however the guidelines and tips below are aimed at supporting a covered entity’s HIPAA compliance efforts when using PilotFish products.
|User Identification and Authentication|
- PilotFish products can integrate with your existing security infrastructure to control access and enable auditing of information traversing the software.
- Listeners can be configured to require user authentication before receiving data utilizing different authentication schemes such as LDAP and database lookups.
- PilotFish products provide facilities for public key and/or symmetric encryption and decryption of data and are able to work with security facilities in other software.
- Systems that are handling PHI/PII should have full disk encryption enabled and backup media should also be encrypted and protected.
- PilotFish products can be configured to log/report access and activities of Transactions at each stage of processing and relay such information to auditing/control management software.
|Data Integrity in Transit|
- PilotFish Transports and Listeners can transfer data with other systems using a variety of secure communication protocols such as TLS/SSL and SFTP including client-side certificates.
- Our integration engine monitors the flow of data through the application allowing for the detection, notification and handling of errors during processing.
- PilotFish products provide the ability to create and verify cryptographic hashes of data to facilitate integrity checking.