Privacy & Security

The privacy and security of your protected health information is very important to LANES. LANES is committed to safeguarding your electronic health information, and therefore we prioritize your protection with a continuously advancing privacy and security posture. LANES is thereby advancing the joint security and privacy profiles of the organization through a series of key initiatives and projects.

Leadership

  • Chief Information Security Officer (CISO) designated to oversee a comprehensive information security and privacy program, including a robust risk management program.
  • Security and Privacy Advisory Committee established to provide strategic thought leadership and guidance about the ecosystem’s security and privacy postures from LANES executives, key stakeholders and participant organizations.

Privacy

  • Permitted Use – Your patient data is only used for treatment and continuity of care to improve the quality of your healthcare.
  • Consent – You are in control of the sharing of your information, and we focus on the consent you provide to your provider.
  • Transparency – You have the right to know who is using your information.
  • Access – Only those who require access to the systems are given access (role-based access); all access is monitored and reviewed regularly.

Security

  • Encryption – We secure our networks and environments with strong AES 256 encryption for data in transit and at rest.
  • Authentication – We require strong, complex passwords for access to systems.
  • Protection – We administer tested and validated security controls on our network and environments, such as Data Loss Prevention and Multi-factor Authentication protocols.
  • Integrity – We guard your data with routine monitoring, logging and auditing protocols in place to keep your data secure and up to date.
  • Back-ups – We back-up our systems every day to maintain up-to-date records.
  • Disaster Recovery – We have a full Disaster Recovery Plan and Business Continuity of Operations Procedures, with a secondary, geographically divided site available if necessary.
  • Vulnerability Management Program – We are establishing a rigorous vulnerability assessment protocol, including semi-annual penetration tests and quarterly vulnerability scans.
  • Patch Management Program – We maintain a patch management policy and procedure to mitigate identified vulnerabilities.

Regulatory Compliance and Industry Best Practices

  • HIPAA – We are compliant with both the Security Rule and the Privacy Rule for the protection and safeguarding of Protected Health Information.
  • HITRUST – We are pursuing HITRUST Validated Assessment with Certification in 2018 – 2019.
  • California and Federal Guidelines – We also comply with all privacy regulations for the state and federal government regarding data and information collection.
  • Risk Management – We use a risk-informed decision-making process to manage privacy and security risk to you, to your data and for our systems.

Vendor Management

  • The LANES CISO maintains a security-based risk management approach to working with vendors and third parties.
  • LANES established a direct line of communication with the security team at the key technology vendor (NextGen – Mirth) to stay on top of identified security questions and monitor the partnership.