ICANotes operates as a HIPAA compliant company, ensuring the utmost confidentiality and security of your data. We'd like to provide you with some pertinent information regarding our certification and compliance measures.

The Office of the National Coordinator for Health Information Technology (ONC) collaborates with four accredited certification bodies designated as of February 2017. These organizations, known as ONC-ACBs, are responsible for testing and certifying electronic health record (EHR) systems, ensuring they meet stringent standards for functionality and security.

Under the ONC Health IT Certification Program, developers of health IT systems like ICANotes must adhere to certification criteria established by the ONC. This includes the 2015 Cures Updated Edition Health Information Technology Certification Criteria and the 2015 Edition Base Electronic Health Record Definition. I'm pleased to inform you that ICANotes has successfully met these standards and was certified by one of the ONC-ACBs, The Drummond Group, on December 24, 2022.

In conclusion, our ONC certification underscores our dedication to providing you with a high-quality EHR solution that meets the most rigorous standards of performance and security.

Access controls allow you to assign varying levels of privilege to users to ensure no one accesses PHI they shouldn't.

Individual user authentication enforces access controls with username and password protection, and sometimes even biometric technology.

Automatic logout drops workstations from the network and logs off the program after a sufficient period of idle time.

Digital electronic signatures and locking of the electronic record prevent the unauthorized alteration or destruction of electronic health records.

128-bit encryption prevents people without passwords from accessing PHI.Alarm and event reporting lets you know when the wrong password has been entered too many times, prevents further attempts and sends a report to the system administrator.

ICANotes complies with HIPAA requirements for Business Associates. The company performs a Security Risk Assessment annually  based on the guidelines established by NIST (National Institute of Standards and Technology) and maintains HIPAA Policies and Procedures which comply with HIPAA regulations. ICANotes staff are trained on HIPAA policies and procedures when hired and also annually. Randy Holl is our  HIPAA Security Official. Below is our most recent HIPAA / HITECH Security Assessment. 

ICANotes is committed to our security efforts. We are assessing potential risks which involve preparing for different types of disasters. ICANotes is vigilant about complying with state and federal regulations regarding contingency plans and backups. While we do not disclose our disaster plan to mitigate security concerns. The basics of our disaster plan include: 

1. Identification of critical IT systems and networks
2. Setting the recovery time objective as a priority
3. Outlining the steps to restart the system 
4. System and network reconfiguration and recovery

No matter the size of the group or customer we prioritize disaster preparedness. All critical systems have backup images available for instant restorations. All data is backed up on a continuous basis. Our data is stored at multiple geographically distinct locations.