Data Security and Privacy
Roji Health Intelligence takes data security and privacy very seriously, and we ensure robust security throughout Roji Health Intelligence hardware and software.
Does Roji Health Intelligence meet HIPAA Security and Privacy standards in allowing access to the Registry?
Yes, we meet or exceed all HIPAA and HITECH requirements. Access to the Roji Registry requires individual authentication and is role-based.
How does Roji Health Intelligence physically secure the data?
Roji Health Intelligence servers are located in an ultra-secure facility meeting the highest standards in the industry. The facility is an SAS 70 II/SSAE 16-compliant co-location and has successfully attained SOC 2 Type 2 and SOC 3 reports. We have a separate, equally secure co-location facility for a redundant system backup.
What data security protections exist in the processing of data?
How is data protected from hackers?
In keeping with high security standards, the web portal and database are on separate servers, to protect against immediate access to the data. Data is encrypted and appears only as needed through Roji Health Intelligence applications. Our applications undergo routine, frequent security reviews and testing to ensure that they remain safe from hacking.
How is data shared with others?
Patient and practice data is seen only within the client organization and is specified in Roji Health Intelligence Business Associate Agreements. Clients who participate in benchmarking may agree to see aggregate, unidentified results of other clients, but no patient data is shared outside of the organized health system stipulated in the Roji Health Intelligence Services Agreement and Business Associate Agreement.
Do patients need to authorize the collection or use of patient data?
Not typically. Sharing patient data related to quality is permissible under HIPAA because it is part of health care operations, as long as Business Associate Agreements and underlying practices protect its privacy for this purpose. Also, Roji Health Intelligence restricts sensitive data that may require patient consent.
How is access to the data secured?
Role-based User Access