Protecting Patient Privacy & HIPAA Compliance
Overview
ITO Health is designed to support secure, HIPAA-compliant care coordination. Our platform includes built-in security controls, but protecting patient privacy also depends on how you use the system. As a user of ITO Health, you are responsible for ensuring that patient information is accessed only for legitimate care or coordination purposes and viewed only by authorized individuals. This article outlines best practices for keeping patient information safe.
Secure communication
When communicating about patients, avoid copying patient information into personal notes or external messaging apps. Share patient information only with authorized team members, and do not download or send patient files unless necessary and permitted.
Occasionally, ITO Health will use encrypted email to communicate patient details. Such emails will have [ENCRYPT] in the subject line and are protected so that sensitive information can only be accessed by the intended recipient.
The below video shows how to securely open and access the contents of an encrypted email.
In some cases, encrypted emails from ITO Health may be delivered to your spam or junk folder. If you are expecting an encrypted email and don’t see it, follow these steps:
- Check your Spam or Junk folder and look for an email with [ENCRYPT] in the subject line
- If found, mark the email as Not Spam or Safe
- Add the sender to your contacts or approved senders list, if prompted
If you continue to have trouble accessing encrypted emails, contact your organization’s IT team or ITO Health support for assistance.
Secure workstation habits
Always be mindful of your physical environment when accessing patient information.
- Avoid viewing patient data in public or shared spaces when possible
- Position your screen so others cannot easily see it
- Log out or lock your session when stepping away, even briefly
- Do not share devices or browser sessions with others
If you are using a shared or public workstation, be especially cautious and ensure you fully log out when you are finished with your work.
Password and lock code
To prevent unauthorized access to your account, ITO Health uses multiple layers of protection. We designed these controls to reduce the risk of accidental exposure, especially in busy clinical or community settings. Some security settings are configured by your organization and may vary slightly depending on your organization’s policies.
Passwords
Your password must be at least 8 characters long, contain at least 1 number and at least 1 special character, and must not match any of your most recent passwords.
In many organizations, passwords are also set to expire on a regular schedule (such as every 90 days). This helps to limit the impact of compromised credentials and encourages routine password updates.
When resetting your password, identity verification is required to ensure that only you can regain access to your account.
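The following is an added illustration of how the password rules above can be enforced in code; it is not ITO Health's own implementation. The length, digit and special-character rules are taken from the article; the history depth of 5 is an assumption, since the article only says "most recent passwords". Previous passwords are kept as salted PBKDF2 hashes, never in plaintext, so the reuse check re-derives the candidate with each stored salt and compares in constant time.

```python
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

# Rules stated in the article.
MIN_LENGTH = 8
# Assumed: how many previous passwords are checked for reuse (the article gives no number).
HISTORY_DEPTH = 5


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) using PBKDF2-HMAC-SHA256.

    The history list stores only these (salt, digest) pairs, so a reuse check never
    needs the old plaintext passwords.
    """
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest


def matches_history(candidate: str, history: List[Tuple[bytes, bytes]]) -> bool:
    """True if the candidate equals any of the last HISTORY_DEPTH stored passwords."""
    for salt, stored_digest in history[-HISTORY_DEPTH:]:
        _, candidate_digest = hash_password(candidate, salt)
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(candidate_digest, stored_digest):
            return True
    return False


def check_password(candidate: str, history: List[Tuple[bytes, bytes]]) -> List[str]:
    """Return every policy violation for the candidate; an empty list means it is acceptable."""
    problems: List[str] = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"must be at least {MIN_LENGTH} characters")
    if not re.search(r"\d", candidate):
        problems.append("must contain at least one number")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        problems.append("must contain at least one special character")
    if matches_history(candidate, history):
        problems.append(f"must not match any of your last {HISTORY_DEPTH} passwords")
    return problems


if __name__ == "__main__":
    # Constructed sample: one previous password in the history.
    previous = [hash_password("OldPass#1")]
    for attempt in ("OldPass#1", "short1!", "NewPass#2"):
        print(attempt, "->", check_password(attempt, previous) or "ok")
```

Returning the full list of violations rather than stopping at the first lets the user fix everything in one pass, which reduces the temptation to pick a trivially modified password just to get past the form.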
Lock code and automatic screen locking
ITO Health automatically locks your session after a period of inactivity to protect patient data when you step away from your device. Automatic screen locking helps prevent others from viewing or accessing patient information if your device is left unattended, even for a short time.
Our lock code protection includes automatic locking after a set period of inactivity, a 6-digit lock code required to unlock your session, and a limited number of unlock attempts before a cooldown period.
You can also manually lock your screen at any time, even if you are stepping away briefly.
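As an added example (not ITO Health's code), the session-lock behaviour described in this section can be modelled as a small state machine: automatic locking after inactivity, a 6-digit code to unlock, a capped number of failed attempts, and a cooldown once the cap is hit. The 6-digit length comes from the article; the attempt limit (5), cooldown (300 s) and inactivity timeout (900 s) are assumed values, since the article does not state them. Time is passed in explicitly so the logic is deterministic and testable.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

CODE_LENGTH = 6            # stated in the article
MAX_ATTEMPTS = 5           # assumed
COOLDOWN_SECONDS = 300.0   # assumed
INACTIVITY_SECONDS = 900.0 # assumed


def _hash_code(code: str, salt: bytes) -> bytes:
    # A 6-digit code has little entropy; the attempt cap below, not the hash, is the real
    # protection against guessing. Hashing still avoids keeping the code in plaintext.
    return hashlib.pbkdf2_hmac("sha256", code.encode("utf-8"), salt, 50_000)


@dataclass
class SessionLock:
    salt: bytes
    code_hash: bytes
    locked: bool = False
    failed_attempts: int = 0
    cooldown_until: float = 0.0   # seconds; 0 means no cooldown is active
    last_activity: float = 0.0

    @classmethod
    def create(cls, lock_code: str, now: float = 0.0) -> "SessionLock":
        if len(lock_code) != CODE_LENGTH or not lock_code.isdigit():
            raise ValueError(f"lock code must be exactly {CODE_LENGTH} digits")
        salt = os.urandom(16)
        return cls(salt=salt, code_hash=_hash_code(lock_code, salt), last_activity=now)

    def touch(self, now: float) -> None:
        """Record user activity; resets the inactivity timer."""
        self.last_activity = now

    def maybe_autolock(self, now: float) -> bool:
        """Lock the session if the inactivity timeout has elapsed. Returns the lock state."""
        if not self.locked and now - self.last_activity >= INACTIVITY_SECONDS:
            self.locked = True
        return self.locked

    def lock(self) -> None:
        """Manual lock, available at any time."""
        self.locked = True

    def attempt_unlock(self, code: str, now: float) -> str:
        """Try to unlock. Returns one of:
        'already_unlocked', 'cooldown', 'unlocked', 'wrong_code', 'cooldown_started'."""
        if not self.locked:
            return "already_unlocked"
        if now < self.cooldown_until:
            return "cooldown"  # attempts during the cooldown are rejected without checking the code
        well_formed = len(code) == CODE_LENGTH and code.isdigit()
        if well_formed and hmac.compare_digest(_hash_code(code, self.salt), self.code_hash):
            self.locked = False
            self.failed_attempts = 0
            self.last_activity = now
            return "unlocked"
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_ATTEMPTS:
            self.cooldown_until = now + COOLDOWN_SECONDS
            self.failed_attempts = 0
            return "cooldown_started"
        return "wrong_code"


if __name__ == "__main__":
    session = SessionLock.create("123456", now=0.0)
    print("auto-locked at t=900:", session.maybe_autolock(900.0))
    for t in range(5):
        print("wrong guess:", session.attempt_unlock("000000", 901.0 + t))
    print("correct code during cooldown:", session.attempt_unlock("123456", 910.0))
    print("correct code after cooldown:", session.attempt_unlock("123456", 1300.0))
```

Note that a correct code submitted during the cooldown is still rejected; this is deliberate, since a lockout that can be bypassed by the right guess gives an attacker unlimited tries against a 6-digit space.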