The privacy and security of your protected health information is very important to LANES. LANES is committed to safeguarding your electronic health information, and therefore we prioritize your protection with a continuously advancing privacy and security posture. LANES is thereby advancing the joint security and privacy profiles of the organization through a series of key initiatives and projects.
- Chief Information Security Officer (CISO) designated to oversee a comprehensive information security and privacy program, including a robust risk management program.
- Security and Privacy Advisory Committee established to provide strategic thought leadership and guidance about the ecosystem’s security and privacy postures from LANES executives, key stakeholders and participant organizations.
- Permitted Use – Your patient data is only used for treatment and continuity of care to improve the quality of your healthcare.
- Consent – You are in control of the sharing of your information, and we focus on the consent you provide to your provider.
- Transparency – You have the right to know who is using your information.
- Access – Only those who require access to the systems are given access (role-based access); all access is monitored and reviewed regularly.
- Encryption – We secure our networks and environments with strong AES 256 encryption for data in transit and at rest.
- Authentication – We require strong, complex passwords for access to systems.
- Protection – We administer security controls on networks and environments that are tested and validated, such as Data Loss Prevention and Multi-factor Authentication protocols.
- Integrity – We guard your data with routine monitoring, logging and auditing protocols in place to keep your data secure and up to date.
- Back-ups – We back up our systems every day to maintain up-to-date records.
- Disaster Recovery – We have a full Disaster Recovery Plan and Business Continuity of Operations Procedures, with a secondary, geographically divided site available if necessary.
- Vulnerability Management Program – We are establishing a rigorous vulnerability assessment protocol, including semi-annual penetration tests and quarterly vulnerability scans.
- Patch Management Program – We maintain a patch management policy and procedure to mitigate identified vulnerabilities.
Regulatory Compliance and Industry Best Practices
- HIPAA – We are compliant with both the Security Rule and the Privacy Rule for the protection and safeguarding of Protected Health Information.
- HITRUST – We are pursuing a HITRUST Validated Assessment with Certification in 2018 – 2019.
- California and Federal Guidelines – We also comply with all privacy regulations for the state and federal government regarding data and information collection.
- Risk Management – We use a risk-informed decision-making process to manage privacy and security risk to you, to your data and for our systems.
- LANES CISO maintains a security-based risk management approach to working with vendors and third parties.
- LANES established a direct line of communication with the security team at the key technology vendor (NextGen – Mirth) to stay on top of identified security questions and monitor the partnership.