HIPAA | HITRUST Compliance Statement
Cadwell equipment and software are capable of being used in compliance with HIPAA and HITECH regulations and principles (“HIPAA”) so that protected health information (“PHI”) can be collected, utilized and safeguarded in a HIPAA-compliant manner. Cadwell’s software architecture includes log-in authentication for user access, various database audit logging, data integrity systems and verified backups, entity authentication programs, digital certificates and data encryption, which support HIPAA-compliant use.
Clinicians use Cadwell equipment to collect PHI, however Cadwell does not host, store or retain PHI on behalf of clinicians on-site. All collected PHI remains under the control of the equipment/software user and the network host for the network into which the equipment is integrated. In the event equipment containing PHI is sent back to Cadwell for service, Cadwell follows annually-reviewed and audited HIPAA-compliant procedures (“Internal Procedures”) to safeguard PHI and prevent all unauthorized disclosures while in Cadwell’s care. All employees are trained annually on the HIPAA Internal Procedures.