HIPAA Compliance Guide

Dermi Atlas Features:

• Configurable Logging: "Full" logging mode tracks creation, viewing, updating, and deletion of patient records and images.
• Granular Detail: Logs capture the "Who, What, When, and Where" of data access.
• Retention: Audit logs are preserved in the local database and included in system backups.

3. Integrity

Standard: Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.

Dermi Atlas Features:

• Confirmation Workflows: "Safe deletion" requires users to type confirmation phrases before permanently deleting patients or images.
• Backup Verification: System backups use checksums to verify data integrity during restoration.

4. Transmission Security

Standard: Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.

Dermi Atlas Features:

• Local HTTPS: Dermi Atlas Manager generates SSL certificates to encrypt traffic between your server and tablets/laptops on your local network.

Incident Response

HIPAA requires Covered Entities to have procedures for responding to security incidents.

How Dermi Atlas Supports Response:

In the event of a suspected security incident (e.g., a lost tablet or suspected insider threat), Dermi Atlas Professional's audit logs provide the forensic data necessary to determine:

• Which patient records were accessed.
• Whether data was exported or viewed.
• The timeframe of the unauthorized access.

Checklist for Administrators

To maximize HIPAA compliance when using Dermi Atlas Professional, ensure the following steps are taken:

• Enable Full Logging: Turn on "Full" logging in Dermi Atlas Manager to ensure a comprehensive audit trail for potential investigations.
• Secure the Host: Enable full-disk encryption (BitLocker/FileVault) on the computer running the software to protect data at rest.
• Network Security: Configure the host firewall to allow traffic only from trusted devices and ensure the local Wi-Fi is WPA2/WPA3 encrypted.
• Backup Strategy: Configure a routine to move Dermi Atlas backups to a secure, encrypted, off-site location.
• Access Review: Periodically review the user list and disable accounts for former staff members immediately.

Disclaimer: This guide is for informational purposes only and does not constitute legal advice. Compliance is the responsibility of the practice.