Security Related Documentation for Health Care Professionals - Focus on GDPR

Security Introduction

Security and compliance is a topic of growing importance and HIMSA continues to provide good software tools and advice on how your practice might best meet the requirements of your country or your company.

HIMSA’s web site contains a great deal of information that you can utilize.  Below are a few links that cover a number of important topics.

Important: Unless otherwise noted, the posted security information applies only to businesses using Noah System. Several HIMSA member companies develop Noah compatible business systems that provide a great number of special features designed for the hearing health care industry. Please see our complete list of Noah compatible business systems and note:

  • Companies listed as “Type - WSI” integrate with Noah System. The security information provided on himsa.com does apply.
  • Companies listed as “Type - Business” integrate with Noah and use their own security features. Please refer to your business system supplier for more information.

If you are uncertain what type of Noah you are using, simply open Noah and, if you see “Noah News” in the middle of the screen, then you do have Noah System (see graphic below).  If you are using another system, you will need to review information from your business system supplier.

 

Noah System is an On-Premise Installed Application

HIMSA creates Noah System, but the Noah software runs on computers and network systems that your company provides or oversees.  HIMSA does not currently offer Noah System in a hosted setup – a setup where HIMSA would, for example, host your Noah System data in a data center.

 

GDPR

The General Data Protection Regulation (GDPR) applies to businesses providing services in the European Union. Even though the regulation applies to Europe, the GDPR seems to make news worldwide.

Q: If I am not providing services to patients in Europe (specifically the European Economic Area or EEA), do I need to be concerned?

A: Not specifically; however, a lot of the features that HIMSA provides with Noah System generally support current good security practices. HIMSA encourages all hearing care businesses to review our information and apply the features provided in the way that best suits their needs. One thing that is certain is that security and compliance is a topic that will continue to grow in importance.

 

Q: What version of Noah System do I need to use to be compliant with the GDPR or other security mandates (e.g. HIPAA)?

A: Using Noah System does not automatically make a hearing care business (HCB) compliant with any security compliance regulations. Noah System provides features that will help an HCB apply its policies and procedures to be compliant.

HIMSA can state that we recommend that your business use the latest Noah version available. In particular, Noah 4.9 provides a large number of security enhancements, and HIMSA will continue to make adjustments when needs arise.

 

Data Processing Agreements 

Q: I provide audiology services to patients located in the EEA.  Do I need to have a Data Processing Agreement with HIMSA?

A: No, a data processing agreement is not needed for use of Noah System, as the installation is an on-premise installation controlled by your company. Most Noah compatible modules (provided by third-party companies) are also on-premise applications but do have the technical ability to offer features to transfer data to other systems. In this case a data processing agreement between the module provider and your company may be needed. Contact your module developer for more details.

One of HIMSA’s more recent integration options for HIMSA Member companies is the Noah Mobile / Web API. The Web API gives HIMSA member companies the ability to create applications that connect to Noah in more flexible ways. For more information on Noah Mobile, please use the following links:

Noah Mobile services are not enabled by default. If your Noah System administrator enables Noah Mobile, they will be prompted to review and agree to a Data Processing Agreement for the Noah Mobile Services.

 

Other Important Topics

HIMSA has additional information that your business should review. Please see other related topics, “Security” and “The Noah Database” in the Noah 4 Learning Center.