HIPAA security statement for Orchid Medical Spa Software

The purpose of this statement is to outline and define security measures incorporated into DaySmart Software programs to assist DaySmart Software's customers in complying with HIPAA Security Regulations. Although responsibility for HIPAA compliance ultimately rests with each customer (covered entity), DaySmart Software provides the following features to assist our customers in administering their own security policies and procedures:

• Activity Log: Records if modifications have been made to information contained on tickets or in client profiles if employee passwords are assigned and set to remember what employee is logged in.
• Password protection : DaySmart Software's programs have two types of password protection available: database passwords and employee access passwords.
  1. The database password is a single password assigned to an individual database that must be entered before the database may be accessed. The database is where all business information is stored, including clients, totals, inventory, reports, payroll, etc. The database password is typically entered when opening the program each day or restoring a database from backup.
  2. Employee access passwords may be applied to over fifty areas within the program and to over one hundred individual reports. Using the Password Controls function, access to the client information screen and client treatment notes, which may contain client protected health information, may be limited to those with a password or denied completely. For example, some employees may be permitted to view client protected health information upon entry of their password. However, employees who have no need to access client protected health information can be prevented from accessing the client information screen entirely, even if they have a password that permits them access to other areas of the program. The Password Controls function may also be password protected to control access. Finally, Employee Access levels may be set to a “default” level so that new employees will have the same level of access as existing employees.

If you have any questions on the features of Orchid Medical Spa Software or how the software complies with HIPAA security standards and regulations, please contact us at sales@daysmart.com.