24  Protecting Health Information

The Health Insurance Portability and Accountability Act (HIPAA) has had far-reaching consequences, as we’re certain you know. We’ve designed some features to help you fit the T.O.V.A. into your HIPAA-compliance procedures.

• Choosing ‘Hide Protected Health Information’ in the Preferences (section 25.11) will leave Subject Name and other protected fields off of the main window and reports.
• Custom fields you create can be flagged as ‘Protected Health Information’.
• Protected fields are left out of exports by default.
• Protected fields are left out of technical and interpretation support exports by default (section 27.4).
• Subject names are not required. The only required individually identifiable health information is the subject’s date of birth and gender. You can leave names out of the T.O.V.A. entirely and use subject numbers to identify subjects anonymously.
• The T.O.V.A. application can be password-protected.
• The T.O.V.A. database path should be restricted to authorized users, if the computer is ever shared with unauthorized users.

The T.O.V.A. has only limited built-in security. Instead, the T.O.V.A. assumes that your organization has standard physical and computer security measures in place that meet HIPAA requirements.

And as always, if you need more information, please contact T.O.V.A. technical support (section 27), and we’d be happy to help you with your HIPAA needs.