
As with Version 1, the newest version of NovusFiles continues to build on the security features that enable our subscribers to transfer files with their clients, completely confident that appropriate security measures have been taken. While we cannot, for security reasons, disclose all the particular programming aspects that we have employed to address security, we can enumerate how NovusFiles not only provides secure file transfer and management capabilities, but also meets HIPAA requirements.
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. This landmark legislation set forth expectations for protecting the privacy of patients.
HIPAA requirements for data security and integrity are provided in § 142.308(b) of Proposed Rules published by the U.S. Health and Human Services Department. In general, HIPAA was not specific on how patient privacy should be protected in the context of dictation and transcription work; however, the proposed rules offer the best criteria yet of how the government intends to assess a firm's adherence to the goals of HIPAA.
NovuScript addresses each of the important security elements of the proposed rules in the following manner:
Access Control. Users must log into NovusFiles using a combination of username (e-mail address) and password. Each access is logged in our database and available for review by the subscriber administrator. Access to files and functionality is "role-based"; that is, Users have the ability to access, add or delete files based on their allowed permissions and role (e.g., Administrator, Staff, Client). All post-login communications between Users and our servers are encrypted using 128-bit SSL encryption.
Accountability. Each action taken on a file (uploading, downloading, deleting, etc.) is logged. The history of each file as it comes into our system is maintained, along with the User who took the action on the file.
Data Backup. The key components of NovusFiles (HTML pages, databases, etc.) are backed up each day. Back-ups are fully encrypted and stored off-site at several remote locations.
Data Storage and Physical Access. File data are fully encrypted within our databases. NovusFiles servers are located in highly secure "co-location" centers. Visitors to the facility must be authorized and identified, and a record of their visit is maintained.
Disposal. When a dictation or transcription file is deleted from NovusFiles (either by the User or during the daily auto-purge routine), the data are completely removed from our databases. The information about the file (date created, Client, etc.) is maintained for auditing purposes, but the actual file data are completely removed and are unrecoverable, even by high-tech means.
We realize that HIPAA compliance is ultimately the responsibility of caregivers. However, we want you to be able to use NovusFiles in confidence. While no amount of security measures can fully guarantee security, we do employ the best available security measures to prevent unauthorized access to your clients' dictation and transcription files.
©2010 American Dictation Corporation. All Rights Reserved.