Security and Compliance Fundamentals

Audit & Accountability

• Activity Logging: Configurable logging levels track authentication, data access, and modifications.
• Granular History: Logs include timestamps, user IDs, IP addresses, and specific actions (e.g., "Viewed Patient," "Exported Entry").
• Local Storage: Audit logs are stored locally and included in your system backups.

Data Protection

• Encryption in Transit: Supports TLS encryption for network communications via self-signed certificates.
• Safe Deletion: Critical data removal requires explicit confirmation steps to prevent accidental loss.
• Data Isolation: User accounts are isolated; users cannot view patient data belonging to other user accounts within the same deployment.

Consent Tools

• Workflow Integration: Configurable settings to prompt for consent before image capture.
• Documentation: Capabilities to record digital confirmation or verify external written consent.

Shared Responsibility Model

While Dermi provides the software tools, compliance is a shared responsibility.

Dermi's Responsibility:

• Provide secure, stable software free of known vulnerabilities.
• Deliver security updates and patches.
• Secure the administrative infrastructure (billing, licensing).

Your Practice's Responsibility:

• Physical Security: Securing the computer running Dermi Atlas Professional.
• Network Security: Configuring firewalls and securing your local network (Wi-Fi).
• Access Management: Creating accounts, managing passwords, and disabling access for terminated staff.
• Backup Strategy: Regularly running backups and storing them securely off-site.
• Policy & Procedure: Establishing and enforcing internal privacy policies.

Related Documentation

• Data Security Architecture: Technical details on encryption and ports.
• Audit Logging Configuration: How to configure and view activity logs.
• HIPAA Compliance Guide: Mapping features to US regulations.
• PIPEDA Compliance Guide: Mapping features to Canadian regulations.
• Configuring Data Retention for Deleted Records: Managing retention periods for compliance.

Disclaimer

Dermi Atlas Professional is a software tool that facilitates compliance; it does not ensure compliance by itself. Compliance depends on how your practice configures the software, secures the host environment, and enforces organizational policies. Dermi Inc. does not provide legal advice. Please consult with your compliance officer or legal counsel to ensure your deployment meets all applicable regulatory requirements.