Overview

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) prohibits healthcare providers and healthcare businesses from disclosing protected health information (PHI) to anyone other than a patient and the patient’s authorized representatives without the patient’s consent. To ensure your practice can meet HIPAA standards and requirements, we recommend implementing certain security practices into your workflows to ensure PHI is not exposed to unauthorized individuals. Elation’s Security Team works hard to ensure Elation meets the security and privacy guidelines set forth by HIPAA, as well as various industry best practices. Regular external audits of our policies and procedures, as well as third-party penetration tests of our systems, are used to verify that we continue to meet the standards we are striving for. Elation is committed to protecting the security, confidentiality, integrity, availability, and privacy of its information resources including PHI.

Workflow Instructions

Internet Connection Security

As a best practice, never connect any of your devices to an internet connection that is not secure, because doing so exposes your devices to potential security threats. We recommend using a hard-wired connection (e.g., via an Ethernet cable) when possible. If you are using a wireless internet connection, please make sure it has the following characteristics:
  • The connection is password protected with a strong password that is:
    • unique to the connection (do not reuse passwords)
    • not readily accessible by non-authorized individuals
  • The connection is encrypted
    • We recommend the Advanced Encryption Standard (AES)
  • The devices that enable the connection:
    • are password protected with a strong password
    • have up-to-date software
  • The devices that enable the connection have the following features turned off:
    • remote management
    • WPS
    • Universal Plug and Play (UPnP)

Device Security

Keeping your devices secure is also important, especially devices you use to access your Elation EHR account. Make sure your devices, such as your mobile phone, laptop or desktop have the following security measures in place to prevent unauthorized individuals from gaining access to your device and the information in your device:
  • Use two-factor authentication to access your device(s)
  • Keep your operating systems up to date
  • Enable your operating system’s firewall
  • Utilize Antivirus software
  • Implement identity theft protection
  • Log out of your account when not in use
  • Turn off or shut down your device(s) when not in use
  • Turn off Bluetooth when not in use
Elation will automatically log you out of your account after two hours of inactivity in the platform.

Web Browser Security

Keeping your web browser secure is always important. If hackers gain access to the cookies or cached data in your web browser, they may be able to access your accounts and information. Follow these practices to keep your web browser secure:
  • Keep your browser and any plugins/extensions up to date
  • Only apply plugins or extensions to your browser if they are from trusted sources
  • Block pop-ups from unauthorized websites
  • Use an ad-blocker
  • Use private/safe browsing, especially when accessing your Elation account
  • Clear your web browser cache and cookies on a frequent basis
  • Disable saved passwords
  • Disable autofill

Account Security Features

Elation has implemented two features you can use to add extra security to your workflow when accessing your Elation account:

Elation has also implemented a fail-safe in case anyone maliciously tries to access your Elation account: an Elation account will be locked for 1 hour after 10 or more unsuccessful login attempts in a row. If you are the owner of the account and have accidentally locked yourself out, contact support for assistance with unlocking your account.

Password Best Practices

Use a strong password for your Elation account. Strong passwords are unique passwords that generally have the following characteristics:
  • mixture of both uppercase and lowercase letters
  • mixture of letters and numbers
  • have at least one special character
  • Reset your password a few times a year; this guarantees that even if your login information was compromised, the culprit will eventually lose access
  • If you need to store your login information somewhere for ease of access, store your login and password information in a secure and trusted password manager.
Never share your account with anyone as this action is explicitly prohibited by HIPAA.

Frequently Asked Questions

I suspect I am a victim of a ransomware attack. Did the attacker gain access to my Elation data as well?
In order for a ransomware attack to take place, the attacker must first gain access to a computer system using some existing vulnerability. Once access has been gained, the attacker proceeds to “scramble” the data on the system, rendering it unusable. The attacker then demands a ransom be paid before the system will be “descrambled”. If you suspect you are a victim of a ransomware attack, please be reassured that the data in your Elation account is secure. There are several ways to make a system resilient to ransomware attacks, and Elation employs all of them; especially preventing unauthorized access in the first place. Elation has policies and procedures in place to ensure that our systems are secure, and those procedures are tested and verified on a regular basis. We recommend that you work with your IT staff or vendor to assess the specific risks of your IT systems. In the event of a ransomware attack on your systems, the data in your EHR will be safe with Elation, but your ability to access that data from the affected device may be interrupted while you recover access to your device.
I was suddenly logged out of my account, what happened?
Elation will automatically log you out of your account after two hours of inactivity in the platform for security purposes. As a best practice, you should always log out of your account when it is not in use or when you step away from your device to reduce the risk of PHI exposure.
Why am I locked out from my account?
Elation implemented a fail-safe in case anyone maliciously tries to access your Elation account: an Elation account will be locked for 1 hour after 10 or more unsuccessful login attempts in a row. If you are the owner of the account and have accidentally locked yourself out, contact support for assistance with unlocking your account.
Will I be able to access Elation if I have a Virtual Private Network (VPN) enabled?
Yes, you will be able to access Elation if you have a Virtual Private Network (VPN) enabled.