HIPAA | HITRUST Compliance Statement
Cadwell equipment and software are capable of being used in compliance with the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act (HIPAA and HITECH, respectively) regulations and principles (“HIPAA”) so that protected health information (“PHI”) can be collected, utilized and safeguarded in a HIPAA-compliant manner. Cadwell’s software architecture includes log-in authentication for user access, various forms of database audit logging, data integrity systems and verified backups, entity authentication programs, digital certificates and data encryption, all of which support HIPAA-compliant use.
Clinicians use Cadwell equipment to collect PHI; however, Cadwell does not host, store or retain PHI on behalf of clinicians when CadLink is hosted in a customer’s own data center. All collected PHI remains under the control of the equipment/software user and the network host for the network into which the equipment is integrated.
When utilized, Cadwell’s CadLink Anywhere™ cloud service uses a secure third-party data storage solution. These third-party storage facilities are HIPAA compliant and data passing to and from these facilities are encrypted.
In the event that equipment containing PHI is sent back to Cadwell for service, Cadwell follows annually reviewed and audited HIPAA-compliant procedures (“Internal Procedures”) to safeguard PHI and prevent all unauthorized disclosures while in Cadwell’s care. All Cadwell employees are trained annually on the HIPAA Internal Procedures.