AccessEMR Security, Privacy and Confidentiality Measures
Access eHealth Technologies takes your privacy seriously and adheres to rigorous privacy standards, policies and procedures to ensure your personal health information is only accessed by authorized users. Information is released to users that require it to perform treatment, payment, or other administrative purposes.
As a patient, you have the right to know how your personal health information in our software, AccessEMR, is safeguarded and shared. You have the right to view, obtain a copy of, and amend information in your health record. AccessEMR protects its users and data by incorporating the following components within our system security policies and procedures:
- Authorization: AccessEMR’s access controls include frequent password change requirements, a single sign-on directory that assigns each user approved rights and privileges for specific resources, and automatic account logoff after a specified period of inactivity to mitigate the risk of unauthorized users gaining access to information. Under the Health Information Act (HIA), individuals have the right to access their own health information and to request their personal health information. Through our patient portal, the patient or an authorized family member can be granted access to their medical records and can request changes where there are disagreements or incorrect information. Patients may provide or withdraw consent to access their personal health information at any time.
- Authentication: Using login passwords and digital certificates, AccessEMR verifies the identity of a user.
- Availability: AccessEMR remains available to medical facilities by providing access through online or offline databases, allowing system administrators to isolate and defend against threats in the event of an attack. We provide fault tolerance within our systems through redundant components, data archives, and networking systems.
- Confidentiality: Information stored within AccessEMR remains confidential, protected, and accessible only to authorized users. This information takes various forms, such as identification data, diagnoses, treatments, progress notes, and laboratory results. Roles control the level of access to information for each user. For example, a nurse and a receptionist each have access only to the information they need to fulfil their responsibilities, and that is not the same information.
- Data Integrity: Data integrity assures that patient data is accurate and has not been manipulated by unauthorized users. As interoperable EMRs grow in prominence across the continuum of care (hospitals, rehabilitation centres, long-term care homes, etc.), data integrity becomes increasingly important. Using intrusion detection and hashing methods, AccessEMR can verify that information sent to or received from another party has not been modified.
- Nonrepudiation: Nonrepudiation is the assurance that a transferred message was sent and received by the parties claiming to have sent and received it. It guarantees that the sender of a message cannot later deny having sent it and that the recipient cannot later deny having received it. To enforce nonrepudiation, AccessEMR uses digital signatures. AccessEMR also offers system audit logs of all user activity. System audit logs include the date and timestamp of entry, view duration, and a record of all modifications made to the patient’s record.
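The Data Integrity and Nonrepudiation items above name three mechanisms without showing how they differ: a hash lets a receiver detect that a record was modified, a digital signature additionally binds the record to the holder of a private key so the sender cannot later disown it, and an audit log records who did what and when. The following Go program is an added illustration of those three mechanisms and is not AccessEMR's own code; it assumes SHA-256 for hashing, Ed25519 for signatures (both from Go's standard library), and a hash-chained log layout, and the record fields, user names and timestamps are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// Record is a constructed stand-in for one message exchanged between two
// parties, e.g. a lab result sent to a clinic. Values are made up.
type Record struct {
	PatientID string
	Body      string
}

// canonical is the byte form covered by both the hash and the signature.
func (r Record) canonical() []byte { return []byte(r.PatientID + "\n" + r.Body) }

// Digest is the integrity check: the sender ships this SHA-256 digest with
// the record and the receiver recomputes it; any change to the record changes it.
func Digest(r Record) string {
	sum := sha256.Sum256(r.canonical())
	return hex.EncodeToString(sum[:])
}

// IntegrityOK reports whether a received record still matches its digest.
// Note this alone says nothing about who sent it: anyone can compute a hash.
func IntegrityOK(r Record, receivedDigest string) bool { return Digest(r) == receivedDigest }

// NewSigner creates an Ed25519 key pair. The private key stays with the
// sender; the receiver holds only the public key.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign produces the nonrepudiation evidence: only the holder of priv can
// produce a signature that verifies under the matching public key.
func Sign(priv ed25519.PrivateKey, r Record) []byte { return ed25519.Sign(priv, r.canonical()) }

// VerifySignature checks both that the record is unmodified and that it was
// signed by whoever holds the private key matching pub.
func VerifySignature(pub ed25519.PublicKey, r Record, sig []byte) bool {
	return ed25519.Verify(pub, r.canonical(), sig)
}

// AuditEntry is one line of a system audit log. Each entry carries the hash of
// the previous entry, so editing or dropping an earlier entry breaks the chain.
type AuditEntry struct {
	Timestamp, User, Action, PatientID, PrevHash, Hash string
}

func entryHash(e AuditEntry) string {
	sum := sha256.Sum256([]byte(e.Timestamp + "|" + e.User + "|" + e.Action + "|" + e.PatientID + "|" + e.PrevHash))
	return hex.EncodeToString(sum[:])
}

// AuditLog is an append-only, hash-chained log (a constructed layout).
type AuditLog struct{ Entries []AuditEntry }

// Append records a user action and links it to the previous entry.
func (l *AuditLog) Append(at time.Time, user, action, patientID string) AuditEntry {
	prev := ""
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash
	}
	e := AuditEntry{Timestamp: at.UTC().Format(time.RFC3339), User: user,
		Action: action, PatientID: patientID, PrevHash: prev}
	e.Hash = entryHash(e)
	l.Entries = append(l.Entries, e)
	return e
}

// Verify walks the chain and returns the index of the first entry whose hash
// or back-link does not check out, or -1 if the whole log is intact.
func (l *AuditLog) Verify() int {
	prev := ""
	for i, e := range l.Entries {
		if e.PrevHash != prev || entryHash(e) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	return -1
}

func main() {
	rec := Record{PatientID: "P-0001", Body: "HbA1c 6.1%"} // constructed sample
	pub, priv, err := NewSigner()
	if err != nil {
		panic(err)
	}
	digest, sig := Digest(rec), Sign(priv, rec)
	tampered := Record{PatientID: rec.PatientID, Body: "HbA1c 9.1%"}
	fmt.Println("original: hash ok", IntegrityOK(rec, digest), "signature ok", VerifySignature(pub, rec, sig))
	fmt.Println("tampered: hash ok", IntegrityOK(tampered, digest), "signature ok", VerifySignature(pub, tampered, sig))

	var audit AuditLog
	t0 := time.Date(2024, 1, 15, 9, 30, 0, 0, time.UTC) // constructed timestamps
	audit.Append(t0, "nurse.a", "VIEW", rec.PatientID)
	audit.Append(t0.Add(2*time.Minute), "dr.b", "MODIFY", rec.PatientID)
	fmt.Println("first broken audit entry (-1 = intact):", audit.Verify())
	audit.Entries[0].User = "someone.else" // a silent edit to history
	fmt.Println("after editing entry 0:", audit.Verify())
}
```

The signature check fails for a record signed under any other key, which is what distinguishes it from the hash: a matching hash proves only that the bytes are unchanged, while a verifying signature proves that the holder of a specific private key produced them. The hash chain on the audit log means an entry cannot be quietly rewritten after the fact without every later entry failing verification.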
In addition to our security policies, AccessEMR is compliant with all Canadian and American health information standards including:
- Personal Information Protection and Electronic Documents Act (PIPEDA): PIPEDA is a Canadian law that governs how organizations within the private sector may collect, use, and disclose personal information.
- Health Insurance Portability and Accountability Act (HIPAA): HIPAA’s Privacy Rule protects the privacy of individually identifiable health information, and the HIPAA Security Rule sets national standards for the security of electronic protected health information (e-PHI).
- Fast Healthcare Interoperability Resources (FHIR): FHIR is a standard published by Health Level 7 (please see below) for health care data exchange describing data formats, elements, and programming interfaces for electronic health records.
- Office of the National Coordinator (ONC): Office of the National Coordinator is the principal federal entity charged with implementing health information technology and electronic exchange of health information in the United States.
- Health Level 7 (HL7): An international organization that provides a comprehensive framework and standards for the retrieval, exchange, integration, and sharing of electronic health information in support of clinical practice and the management, delivery, and evaluation of health services.
Protecting patient information is of the utmost importance to us, and we take every precaution to ensure it is safeguarded and shared only with authorized parties, for the purpose of providing better quality of care for Canadians. If you have any questions regarding how we handle patient information, please contact us!