March 2024 was a bad time for patient data security. The HIPAA Journal reports that over 90 breaches were recorded, a 50% increase from February 2024 and a 41% increase from the previous year.
For healthcare entities, this is alarming. Not only do breaches harm reputations, but they also lead to penalties under HIPAA laws and directly impact patients.
This is why, at FormDr, we take patient data security very seriously.
Our HIPAA compliant intake forms not only ease the workloads of medical offices and patients but are also equipped with the most advanced security features. Let’s take a closer look at why our customers place their trust in us.
How FormDr Maintains Patient Data Security
Here’s how we keep sensitive data safe along the way.
SOC-2 Type II Compliant
A Service Organization Control (SOC) 2 Type II audit proves that a cloud-based service has implemented security controls and that these controls are working effectively.
While the assessment isn’t mandatory, it is a sign that an organization has covered the five trust service principles (security, availability, processing integrity, confidentiality, and privacy) when managing sensitive data.
FormDr has been audited and granted SOC 2 Type II compliance, proving that we have measures in place to prevent unauthorized access, detect incidents, and restore functionality in the case of a breach.
Account Audit Logs
Audit logs are a crucial measure for healthcare entities to protect patient information. These records essentially offer an accurate history of all events that take place on an account — including login attempts, with IP addresses, device types, and locations.
On the FormDr platform, audit logs are maintained for every user who accesses an account — whether patient or staff — no matter how insignificant the event is. These logs can be filtered, sorted, and downloaded as a CSV Excel file.
Trusted Device Authorization
FormDr adds another layer of patient data security through a trusted device authorization feature. This means that the system remembers exactly which users and devices have been granted authorized access — not only saving your staff’s time but also offering you an extra authentication measure.
For instance, it ensures that only authorized users who use permitted devices can access Protected Health Information (PHI). Detailed logs are maintained of operating systems that access the account, along with the date, time, location, and IP address. Trusted device authorization can be granted, tracked, and revoked at any time.
Encrypted PHI
FormDr encrypts all patient data with 128-bit SSL secure browser encryption. This means that we scramble all personally identifiable information, including text and images, both when in transit and when resting in our database.
This ensures that PHI and ePHI remain secure, which is a crucial component of maintaining HIPAA compliance. For instance, in 2019, the University of Rochester Medical Center had to pay $3 million to the Office for Civil Rights for potential HIPAA violations after an unencrypted laptop and flash drive were stolen.
As cybersecurity concerns continue to plague the healthcare industry, it’s clear that more will have to be done to protect patient data security. As a platform committed to ensuring entities can easily send and receive HIPAA compliant forms online, FormDr is here to answer questions or help practices get started today.