SECURITY, HIPAA, PRIVACY

Products
Data security is a crucial concern for modern businesses, especially as threats to data security and data integrity continue to rise. It is vital for every organization to protect its information and maintain critical confidentiality and privacy.

Integrated Inventory Technology, Inc works continually to ensure that its products and services meet or exceed industry standards with respect to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Our products and services are specifically designed to include features that assure compliance with HIPAA.

Our relational database employs a secure login process and role-based access requiring confidential username and password credentials. That is, only secure user accounts, assigned to certain access rights, will include the ability to read and access patient data. A supplementary system of rights grants access to add or edit data. When a user adds or modifies data within the database, a record is made that includes user and date/time information. This establishes an audit trail that can be examined by authorized system administrators. All data stored in our database receives necessary encryption measures and safeguards to guarantee that sensitive patient information is not identifiable as belonging to any particular entity. Applications that access this data are engineered to decrypt this private information for authorized users only. As an additional security measure, such applications are designed to “time out” after moderate inactivity, requiring an authorized log in before continuing. Special precautions are taken to prevent classified data from being inadvertently “cached” and available anywhere outside of a secure session. Any and all internet transmissions performed by said applications are done using secure, encrypted protocols such as Transport Layer Security (TLS) and Secure Sockets Layer (SSL).

Our products are hosted on a data center network complying with industry security standards for internal controls, assessment, auditing, and reporting (SSAE, SOC1, and SOC2). This hosting is independently audited to maintain processes and physical security features mandated to achieve compliance certification for regulations such as HIPAA/HITECH, GLBA, and PCI-DSS. Through policies and procedures published by the National Institute of Standards and Technology, and leveraging leading threat management tools for encryption and vulnerability prevention, hosting of our products and information sustains crucial information system security.

Customer Support
Integrated Inventory Technology’s support staff will work with customers in a manner congruent with HIPAA guidelines. All remote access to customer patient information by Integrated Inventory Technology support staff will be made using a fully encrypted protocol.

Business Associate
HIPAA requires health care providers to enter into “business associate” contracts with certain businesses to which they disclose patient health information. These business associate contracts generally require the recipients of such information to use appropriate safeguards to protect the patient health information they receive. To perform certain service and support functions, Integrated Inventory Technology personnel may need access to patient health information maintained by its customers. As a result, we may be considered a “business associate” of customers to whom we provide such services. We will be providing our customers with a standard business associate agreement in accordance with HIPAA requirements.

Tenets of this agreement are summarized in the following company Privacy Policy, which specifies that Integrated Inventory Technology:

• Obtain and use confidential patient health information obtained from our customers only as necessary to perform customer service and support functions

• Limit access to such information to those employees and agents who perform identified service and support functions.

• Prohibit disclosure of patient health information received from customers to persons who are not employees or agents of the company in the absence of express approval from the customer and/or patient;
  Require all employees and agents of the company to report uses and disclosures of patient information that are not permitted by this.

Privacy Policy
Provide that we investigate all reports that patient health information was used in a manner not permitted by this Privacy Policy and will impose appropriate sanctions for conduct prohibited by the policy.

• Establish that employees who may come in contact with patient health information receive training regarding our Privacy Policy and the importance of protecting the privacy and security of patient health information.

• Provide for the storage and transmission of patient health information received from customers in a secure manner that protects the integrity, confidentiality and availability of the information.

WEBSITE STATISTICS / COOKIES
What information does our web server collect?

The web server hosting the web site of iit/SourceTech (iit-sourcetech.com) automatically collects certain non-personally identifiable information, such as which pages each user visits and the domain name (e.g., execpc.com) of visitors. This information is used for various purposes including internal review and for traffic audits.

What are cookies and how does iit-sourcetech.com use them?

The iit-sourcetech.com website places a “cookie” on the user’s computer to store and sometimes track information about the user. A cookie can be used to tell when your computer has contacted a web site; we may also use the information for purposes such as measuring certain traffic patterns. For example, cookies are used to ensure that you do not have to re-enter your login name or password during your visit if you choose. You may opt-out of the cookies delivered by iit-sourcetech.com by changing the setting on your browser. Please be aware that this will disable all cookies delivered to your browser, not just the ones delivered by iit-sourcetech.com.