Is PDF-eXPLODE HIPAA compliant?


ISSUE:

PDF-eXPLODE is used for emailing documents in the Occupational Health and Safety and Medical Record keeping industries. Is it HIPAA compliant, specifically in relation to SYSTOC software?

   

ANSWER:

Absolutely Yes. But let us start with identifying what HIPAA is and its requirements in regard to report(s) delivery by email.

HIPAA is an acronym for the Health Insurance Portability and Accountability Act of 1996. It is United States of America legislation that provides data privacy and security provisions for safeguarding medical information. PDF-eXPLODE does not have a connection to any software database, nor does it influence or provide any form of User management for any software program data in any industry. PDF-eXPLODE does, however, assist with delivering reports (via email) that contain sensitive data sourced from the business software's database. With that in mind, PDF-eXPLODE is aware of the need to securely and reliably deliver the reports to the intended recipient.

In this article we focus mainly on Occupational Health software, of which SYSTOC is one. PDF-eXPLODE is middleware which assists the User in securely delivering reports. How does it do that?

PDF-eXPLODE has features that permit the User to deliver reports securely. Let's review the processes available. 

  1. Deliver reports as a non-editable PDF with 128-bit password protection, which the User must configure in the relevant report tag. The following example in SYSTOC shows how to use the [ApplyPassword] variable (in the Var1 position) and the [Email] command with no other variables.

     

       This is the corresponding configuration in PDF-eXPLODE Options: 

       

  1. Maintain a default global password within PDF-eXPLODE (kept encrypted in 128 Bit Hex) in the configuration file. This feature works as follows:  

When using the Variable password (which supplies a password from a field in the Customer DB table), the DB field may be blank. To ensure the document is not emailed out without being secured, you can set a password at either Default Message ID or Client ID or Client-Message ID or (global) PDF Security Settings. This password is then applied as the default to the document batch wherever the Variable is blank in the database and consequently blank in the corresponding variable position in the tag.

To enable a global variable to be used as a replacement for a blank database password in the tag, add the following parameter to the [OPTIONS] section in the PDFeXPLODE.INI by inserting a new line:    ApplyGlobalPwd=1

or just configure the parameter as shown here:

When the receiver tries to open the report, they will be confronted with a prompt for a password they do not know. The email message can test, using an If-Then-Else formula (IIF) within your PDF-eXPLODE message text, whether "ApplyGlobalPwd=1" has been set, and a conditional message can accordingly be inserted into the email asking the recipient to ring the sender's office to obtain the correct password. For example, in your message text, you can include the following:

IIF(<GPWD> = 1 , ‘ A password was configured and assigned in-house, to open these documents, as your organisation has not nominated a custom password. Please call 251-290-2433 to obtain your password to open the attached PDF ’, ‘’ )

Where:
<GPWD> is a PDF-eXPLODE internal variable that tests whether your parameter ApplyGlobalPwd=1 has been set. When it has, the blank Var password in the report tag is replaced with the Global password from the PDF Security Settings screen in PDF-eXPLODE Options, so the PDF is password protected rather than emailed unsecured. To understand the IIF formula: if ApplyGlobalPwd = 1, the internal variable <GPWD> will be equal to "1" and the text in the TRUE part of the If-Then-Else formula [ IIF() ] will be shown in the email message; otherwise a blank will be shown.

  1. Email reports via SMTP: PDF-eXPLODE has the capability to use secure port 587 with an encrypted transport layer socket (STARTTLS protocol) to fully secure the transport environment, as well as encrypt the email message and attachments.

 The features described above are only available to Users of Version 4.1.26 and above.  
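The following Python check is an added example, not part of PDF-eXPLODE or SYSTOC: it reads the ApplyGlobalPwd setting from INI text and flags any file in an outbound batch that is not a PDF carrying an /Encrypt entry, which is the failure the global password is meant to prevent. The function names, file names, sample INI text and sample PDF bytes are constructed for illustration, and the /Encrypt search is a heuristic, not a full PDF parser.

```python
import configparser
import re

# Heuristic (assumption): an encrypted PDF names its encryption dictionary
# with an /Encrypt entry in the trailer or cross-reference stream dictionary.
ENCRYPT_ENTRY = re.compile(rb"/Encrypt\s*(\d+\s+\d+\s+R|<<)")

def global_pwd_enabled(ini_text):
    """True when the [OPTIONS] section contains ApplyGlobalPwd=1."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(ini_text)
    return cp.get("OPTIONS", "ApplyGlobalPwd", fallback="0").strip() == "1"

def pdf_is_encrypted(data):
    """True when the bytes are a PDF that carries an /Encrypt entry."""
    return data.startswith(b"%PDF-") and ENCRYPT_ENTRY.search(data) is not None

def audit_batch(ini_text, batch):
    """Return (fallback_enabled, sorted names that must not be emailed)."""
    blocked = sorted(n for n, d in batch.items() if not pdf_is_encrypted(d))
    return global_pwd_enabled(ini_text), blocked

# Constructed sample data (hypothetical file names, minimal PDF skeletons).
SAMPLE_INI = "[OPTIONS]\nApplyGlobalPwd=1\n"
SAMPLE_BATCH = {
    "client_a.pdf": b"%PDF-1.4\ntrailer\n<< /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF\n",
    "client_b.pdf": b"%PDF-1.4\ntrailer\n<< /Root 1 0 R /Size 2 >>\n%%EOF\n",
    "notes.txt": b"plain text, not a PDF",
}

if __name__ == "__main__":
    enabled, blocked = audit_batch(SAMPLE_INI, SAMPLE_BATCH)
    print("ApplyGlobalPwd enabled:", enabled)
    for name in blocked:
        print("HOLD (no /Encrypt entry found):", name)
```

Files that are not PDFs are held as well, since their protection cannot be confirmed by this check.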

If you have any further questions in relation to compliance, please feel free to contact us at support@pdf-explode.com

 

 



Article ID: 117
Created On: Mon, Mar 9, 2020 at 8:02 AM
Last Updated On: Sun, Apr 26, 2020 at 12:03 AM

Online URL: https://kb.pdf-explode.com/article/is-pdf-explode-hipaa-compliant-117.html