Dedicated to Safety & Security
Empower is dedicated to the safety and security of its online programs. We understand that we have both ethical and legal obligations to help our various types of users keep data secure. In addition, for our provider clients, we recognize that they must comply with regulations, including HIPAA, that relate to protected health information (PHI). Our policies and technical safeguards are designed to ensure HIPAA compliance and end user protection.
These operational policies include:
- Designation of a Security Officer and a Privacy Officer
- HIPAA training programs for all employees and contractors with potential access to PHI
- Signed confidentiality agreements from all employees and contractors with potential access to PHI
Our technical safeguards are designed to protect our end user privacy and security. These safeguards include:
- SSL encryption of the website (for data “in transit”) and encryption of our databases (for data “at rest”)
- Extensive logging mechanisms that track access to our systems and specifically to PHI within our applications
- Highly secure passwords for all system users
- A multi-level permission system for accessing end user data, based on the sensitivity of that data and the permissions granted by the end user. End users can see which, if any, clinicians have access to their data, and the level of access of each clinician.
- Hosting of our applications at Amazon.com, which provides extensive physical security mechanisms on our servers
- Restricted use of email: As email is an insecure medium, we do not send PHI over email. Email messages from our systems are carefully designed to exclude PHI, which can only be accessed via securely logging into the system itself.
These policies and safeguards are just some of the steps that Empower has taken to secure PHI. We view the safety and security of health data as the top priority for our company. If you have any concerns or questions, please contact us at: firstname.lastname@example.org