Privacy…Confidentiality…Security…Aren’t they more or less the same?

A whole new language has developed to describe how health organizations protect your health information. In this context, Privacy is your right as a patient to control release of your information to third parties. Confidentiality is our responsibility to restrict access to your information to individuals who have a need to know and to prevent accidental or inappropriate disclosure by authorized users. Security is also our job. We have a duty to protect your information against unauthorized access through electronic, physical and procedural measures. Read on to learn more about why Winona Health and My Winona Health (formerly Winona Health Online) are safe and secure.

My Winona Health Security Policy

Outlined below are My Winona Health’s policies and procedures for preventing the loss, misuse, or alteration of information due to unauthorized access. As part our security measures, My Winona Health adheres to the standards and principles set forth by Health on the Net (HON).

  • Access
  • Physical Security
  • Encryption
  • Software Discipline
  • Firewall Technology
  • Auditing Activities
  • Network Security
  • Current Standards & Technologies

If you have questions or concerns about our security policies, please contact us.

Access

Authorized Users access My Winona Health through IDs and passwords. Passwords are encrypted before being transmitted. All access privileges are assigned on a need-to-know basis, and access by all users is documented. Of course, we can only control access on our side of the system-be sure to log off your account when away from your desk and keep your user ID and PIN in a safe place.

Encryption

All confidential information transmitted via the Internet is encrypted (coded) to protect it from unauthorized viewing or damage during transmission. We use 128-bit Secure Socket Layer (SSL) version 3.2. To support this state-of-the-art security measure, My Winona Health requires members to use a recent version Internet browser such as Internet Explorer 4.x (or higher) or Netscape 4.x (or higher).

Firewall Technology

Firewalls (think digital police roadblocks) prevent unauthorized system access. This sophisticated electronic barrier between the Internet highways and our system ensures that only you, other members, and your healthcare professionals in Winona have electronic access. No security is perfect, so we pay hacking experts to frequently “attack” our system and check for holes.

Network Security

My Winona Health resides within a Trusted Agent Network (TAN)-a closely linked group of computers dedicated to IQHealth’s tasks. The TAN is separate from the provider’s corporate internal network; it is a distinct network with its own firewalls and IP addresses.

Physical Security

Physical security safeguards are in place to protect against environmental hazards. Our Data center is “hardened,” or more secure than typical buildings. Even serious problems, like a massive power failure or fire, aren’t enough to knock out your protection.

Software Control

Software control measures are in place to ensure the proper functioning and integrity of the software used to support My Winona Health. Antivirus technology prevents, detects, and repairs virus problems round the clock. Only authorized software resides on key support systems to prevent any accidental compromise of security measures.

Auditing Activities

Audit trail logs are used to monitor usage patterns and spot any suspicious activity. Access to individual records, including user information accessed, date and time of access, and action performed (write, edit, delete), are audited routinely to ensure adequacy of training and compliance with policy.

Current Standards and Technologies

Winona Health and My Winona Health are committed to meeting or exceeding standards set by current information security industry and federal legislation regarding online communication of health information. As part our security measures, My Winona Health adheres to the standards and principles set by Health on the Net (HON).

If you have questions or concerns about our security policies, please contact us.