PRIVACY, SECURITY AND COMPLIANCE

 

Return to FAQs
  1. How is CovetCare information secured?
    CovetCare employs the best industry practices available to ensure the confidentiality and security of your personal data. We have an unwavering commitment to the privacy and security of patients’ and clinicians’ data and have instituted a strong privacy policy and reinforced with leading edge technology including a virtual private network and an Internet firewall.

    All information entered into CovetCare-entered is stored in a secured server database. We employ multiple levels of security: database security, application security, and network security, ensuring our commitment to privacy and security and operation that is in full compliance with State and Federal regulations.
     
  2. How frequently do you recommend that passwords be changed?
    HIPAA legislation recommends that passwords be changed (aged) every 90 days as a measure of the facility’s compliance with the Privacy law.
     
  3. What should I consider when choosing a password?
    Your password may be from 6 to 8 characters in length. The characters may be letters, numbers or a combination of the two. And, your password may contain upper and/or lower case letters.
     
  4. Can I share my user ID and password with another clinician?
    Under no conditions are you to give your user ID or password to anyone. This is considered a severe breach of confidentiality under the HIPAA law and under the facility’s privacy policies. Under the HIPAA Privacy Rule regulations, disclosure of one’s ID or password can result in sanctions. It is recommended that you treat your user ID and password as you would your bank account or charge card -- neither of which would you give access to by an unauthorized person.
     
  5. Who will/can see the data that is entered and transferred through CovetCare?
    Your facility’s Administrator/designee controls access to the system. Your facility’s information will not be disclosed to any outside party, except: as required by law; or as necessary to complete a transaction that you initiated. We have an unwavering commitment to the privacy and security of your patients’ and clinicians’ data.
     
  6. Who will have access to the CovetCare program and the information entered into CovetCare?
    Approved users with a valid ID and password are given access to CovetCare by your facility’s Administrator. A resident’s health care provider will have access only to the information that they already have among their existing records.
     
  7. How will the end-user (clinicians/ government) use my data?
    Clinicians will use the data to assess the overall status of residents, which will results in a proposed plan of care, allowing for clinician review and edit and the subsequent automated completion of an MDS. Further, the facility will use the data entered to track the services given and to ensure that the patient receives optimal quality of care.
    The government will use the data as they currently do with the electronically submitted MDS assessments. That is, to assess your facility’s overall quality indicators and to determine Medicare reimbursement.
     
  8. How are user interactions tracked?
    We track aggregate information per facility and provide the respective facility the ‘totals,’ ensuring security and privacy of information. We do not monitor the individual behaviors of clinicians using CovetCare software unless we are directed to do so by law. If fraud is suspected, however, we reserve the right to view specific, relevant information.
     
  9. Do I have to sign my name in pen next to my electronic signature on the assessment form?
    No. Your electronic signature is acceptable by government agencies. As you know, your medical record entries are based on your having entered your confidential ID and password -- which is known only to you and the facility’s system Administrator.

    Under no conditions are you to give your user ID or password to anyone. This is considered a severe breach of confidentiality under the HIPAA law and under the facility’s privacy policies. Under the HIPAA Privacy Rule regulations, disclosure of one’s ID or password can result in sanctions. It is recommended that you treat your user ID and password as you would your bank account or charge card -- neither of which would you give access to by an unauthorized person.