Security and Compliance

Built For Each Other

Of course, all relevant information is ported seamlessly from the KipuCRM into the KipuEMR, making it readily available to the intake personnel for INSTANT Face Sheet creation. This means no double data entry or loss of data integrity. They simply preview, accept, create MR#, and populate their custom intake form menu for patient intake completion.

When a patient is accepted and admitted into the KipuEMR, the KipuCRM automatically updates the patient status, adds the admission date, and categorizes them as an active patient. On discharge, the same happens: the discharge date is brought back to the CRM, as well as the discharge reason. Then, patients can be automatically classified as Alumni, or possibly as at-risk (AMA, ACA, etc.). This process makes it very simple for your alumni coordinator to perform and document post-discharge follow-ups. Alumni follow-up is documented in the same patient file within the KipuCRM as is used in the pre-admission process, meaning every communication throughout time is easily accessible. Moreover, if there is a resurgence of an issue or need, the patient can be immediately segued back into the pre-admission process while still having every bit of info at your fingertips to ensure a smooth and expedient re-entry.

Security at Other Companies

Update: The recent Quest Diagnostics breach: nearly 12 million patient records compromised

MADISON, NJ: On Monday, June 3, 2019, Quest Diagnostics announced that an unauthorized user might have accessed personal medical information for approximately 11.9 million patients through a third-party billing collections vendor between August 1, 2018, and March 30, 2019. Quest Diagnostics is the world’s leading provider of diagnostic testing, information, and services.

The personal information the unauthorized user may have had access to included certain financial data, medical information, and yes, social security numbers.

It’s another frightening incident in the battle against online crime. Kipu was built from the first line of code to be secure and 100% HIPAA-compliant. At Kipu, security is an ongoing concern.

With Kipu, Security Is Our First Priority

Today, safeguards must be in place to ensure the appropriate protection of electronically protected health information. Kipu’s secure, durable technology platform meets industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, and SOC 1/SSAE 16/ISAE 3402. Services and data centers utilized have multiple layers of operational and physical security to ensure the integrity and safety of data. To protect data security during electronic transmission, files containing PHI are encrypted using 256-bit AES algorithms.

Furthermore, to reduce the risk of exposing PHI and to minimize bandwidth usage, any data, including PHI, not required by applications running in the cloud, is removed prior to transmission. Token and key-based authentication for the systems administrators uses a 2048-bit RSA key pair, with private and public keys and a unique identifier for each key pair to help facilitate secure access. Administrators also can utilize a command-line shell interface and Secure Shell (SSH) keys to enable additional security and privilege escalation. User access requires Secure Sockets Layer (SSL)-encrypted endpoints to the Kipu service, a username/password combination, and other safeguards including device identification, two-factor authentication, and IP restrictions.

All sensitive data, including social security numbers, birth dates, and many other fields, are encrypted.

HIPAA Compliance

One of the most critical legal matters facing the health care industry as a whole is the protection of Personal Information and compliance with HIPAA (the Health Insurance Portability and Accountability Act). The addiction treatment industry is not exempt from the HIPAA laws and must comply with these regulations. One of the best ways to ensure compliance is to invest in an Electronic Medical Records (EMR) platform that is HIPAA compliant.

Kipu was designed inside the addiction treatment community for the addiction treatment community. Since Day One, Kipu has always had the security parameters in place to ensure your records are protected and HIPAA compliant.

Of course, we have to add that your organization must also have policies and procedures in place to ensure the human element follows all the HIPAA regulations. But it brings great peace of mind to the owners of treatment centers knowing that their records are safe and secure inside of Kipu’s fully HIPAA compliant environment.

Hardened Protection. Rigid Compliance.

Kipu was built first for security and compliance from the ground up. Here’s how and why: Some EMRs are so old that they pre-date the Internet, HIPAA, security, and compliance requirements as we now know them. They had to backtrack and adapt to the latest rules and security threats, not to mention true cloud computing. Kipu is built in the cloud in agile development and coded in modern programming languages. These languages are much faster, more secure, and cloud-friendly. Furthermore, we’ve engineered them to be easily used on your mobile device or tablet.

Kipu installs separate virtual servers for each client. We are not a multi-tenant or multi-account system (like a bank where all accounts reside in one system). Rather, there is no single place where all Kipu records reside. Our system uses more than 21,400 servers (and counting), all of which are encrypted.

The illustration above depicts the Kipu Cloud Network, which is replicated in different data centers all over the United States (in the EU for EU clients, or in Canada for Canadian clients). This represents the nature of Kipu’s Cloud Network as it relates to multiple clients.

With Kipu, each client is segregated from every other client and their data, so while Kipu has hundreds of clients, each has its own servers. In fact, each averages six separate encrypted virtual servers for redundancy and safety. It’s virtually impossible for a data thief to even find Kipu’s 6,791 servers, much less hack into each one individually. Every client’s data is securely encrypted. This reduces the data domain and attack risk. Conversely, our competitors run multi-account, multi-tenant, and barely encrypted systems. This Kipu cloud network runs 21,400 servers and costs Kipu millions of dollars to host and run; we think it’s worth it, but our competitors do not.

Our multi-factor authentication, which works with text messages or hardware tokens, adds layers of security other technologies just don’t have.