DayClips HIPAA Compliance Statement

     DayClips strives to follow procedural standards for maintaining integrity of data storage and information transfer.  DayClips utilizes encryption (SSL), firewalls, and other advanced technologies such as logins, passwords, multiple access levels, timed logout, server security, regular backups, and strict internal policies, to comply with HIPAA regulations.  Appropriate use of the DayClips system provides users a platform we believe is HIPAA compliant according to technological standards.

     To a large extent, HIPAA compliance is only partially dependent on technology, since the manner of use may influence HIPAA compliance.  Users and service providers are encouraged to apply additional security and privacy safeguards such as IP restrictions and periodic change of secure passwords.  Service providers must also be vigilant about access to their computer and DayClips, limiting access only to authorized users under appropriate circumstances.  By the same token, service providers are advised to exercise caution when producing and maintaining backups of sensitive data.  DayClips requires service providers to conduct daily backups using technology they deploy and maintain in a secure environment.

     Full compliance with HIPAA depends to a significant degree on the personal conduct and business practices of users and service providers.  The use of DayClips to transmit or store sensitive medical information (PHI) is not authorized by DayClips.  Operating systems used by service providers and users on servers, PC workstations, laptops, and cellular phones that access the internet must meet HIPAA Security Rule section 164.308(a)(5)(ii)(B), which requires implementation of “procedures for guarding against, detecting, and reporting malicious software.”  Certain operating systems such as Windows XP are no longer HIPAA compliant.

DayClips requires service providers and users to maintain HIPAA compliance through the following practices:

  • Identify all at-risk workstations, laptops, cellular phones, and servers.
  • Analyze the hardware in all at-risk computers and mobile devices to determine if they are running software that is HIPAA compliant.
  • Create a transition plan for upgrading or replacing browsers, computers, and mobile devices to maintain HIPAA compliance.

     All of the factors described in this policy statement, as well as others, impact compliance with HIPAA rules and regulations.  DayClips advises each user and service provider to assess their level of comfort with the DayClips system and make their own determination regarding their use of DayClips and its impact on their business.  Service providers and users who employ methods that are not HIPAA compliant are required to indemnify DayClips for any security breach arising from their methods.

     DayClips encourages users and service providers to contact us with specific questions regarding issues of security and confidentiality as they relate to DayClips and HIPAA.