Data Security and Privacy

Roji Health Intelligence takes data security and privacy very seriously, and we ensure robust security throughout Roji Health Intelligence hardware and software.

Does Roji Health Intelligence meet HIPAA Security and Privacy standards in allowing access to the Registry?

Yes, we meet or exceed all HIPAA and HITECH requirements. Access to the Roji Registry requires individual authentication and is role-based.

How does Roji Health Intelligence physically secure the data?

Roji Health Intelligence Servers are located in an ultra-secure facility meeting the highest standards in the industry. The facility is an SAS 70 II/SSAE 16 compliant co-location, and has successfully attained SOC 2 Type 2 and SOC 3 reports. We have a separate, equally secure co-location facility for a redundant system backup.

  • Physical access restricted to System Administrators and Corporate Leadership
  • Access administered through fingerprint and picture ID

What data security protections exist in the processing of data?

  • All data remains encrypted while moving between the client and Roji Health Intelligence.
  • All lines of communications are required to be encrypted between the client and Roji Health Intelligence.
  • Server data security is managed using user access rights.
  • Separation maintained between web server and data server.
  • Firewalls are managed using the services of security professionals.

How is data protected from hackers?

In keeping with high security standards, the web portal and database are on separate servers, to protect against immediate access to the data. Data is encrypted and appears only as needed through Roji Health Intelligence applications. Our applications undergo routine, frequent security reviews and testing to ensure that they remain safe from hacking.

How is data shared with others?

Patient and practice data is seen only within the client organization, as specified in Roji Health Intelligence Business Associate Agreements. Clients who participate in benchmarking may agree to see aggregate, unidentified results of other clients, but no patient data is shared outside of the organized health system stipulated in the Roji Health Intelligence Services Agreement and Business Associate Agreement.

Do patients need to authorize the collection or use of patient data?

Not typically. Patient data related to quality is permissible to share under HIPAA because it is part of health care operations, as long as Business Associate Agreements and underlying practices protect its privacy for this purpose. Also, Roji Health Intelligence restricts sensitive data that may require patient consent.

How is access to the data secured?

Role-based User Access
  • Access to the data is controlled by ‘group’ membership.
  • Users can access data based on their role in the client organization.
Logins
  • Separate provider and administrator login types.
  • All passwords are stored salted and encrypted with a one-way hash, so that passwords can be checked but cannot be read.
  • Passwords must adhere to rigid requirements.
  • Separate authentication of user prior to granting of login.
