HIPAA Enforcement

Patient Privacy and Document Security is a primary concern for WebChartMD. In order to surpass HIPAA requirements, our solution employs numerous security and audit features including:

Encryption and password protection

WebChartMD has the following primary features for Audit and Security:

  • All Web traffic is sent over a 128-bit encrypted SSL channel.
  • All dictations and documents are stored in an encrypted form in the database. A 256-bit AES (Rijndael) encryption scheme is used to accomplish this. The same scheme is also approved for securing TOP SECRET US Government data by the NSA (PDF).
  • All passwords are stored using a one way hash and a random salt value. When users authenticate themselves on the web portal, the passwords entered are hashed as well and only hashes are compared, thus increasing user password security.

Audit Trails

WebChartMD attaches two different audit trails to every document:

Document History Audit Trail
WebChartMD captures and stores all versions of documents edited via the WebChartMD portal in a Document History audit trail. This insures a complete and transparent record of any edits made to patient records, including the time and date of edit, and the author of the edits.

Comprehensive Audit Trail
All document and dictation access is captured in a comprehensive audit trail, with every action taken against the document or dictation being made available to view via the web portal. Each action is also marked with a date/time stamp, the type of action, and the username of the person who performed the action (see below screen image).

Protecting PHI in the Digital Workplace

WebChartMD takes the following steps to protect PHI from being stored on the computers of employees involved in the production and management of patient healthcare information:

  • Many web-based systems inadvertently store files accessed from a web-based application in a Temp or temporary internet folder. WebChartMD’s system sweeps the user’s Temp directory and automatically purges all PHI that was opened by the user after each access to their online account.
  • After transcribing and uploading a completed document, WebChartMD immediately purges the audio file from the transcriptionist’s computer. A copy of the completed transcription is stored for five days on the transcriptionist’s computer in a hidden folder (ShadowCopy) for disaster recovery purposes and then is completely purged.

HIPAA Statement

WebChartMD clients must sign our Business Associate Agreement (PDF) at the time of formalizing the business relationship. A copy of that agreement can be found here


WebChartMD received a Q4 2010 rating of “Excellent” by Digital Defense, Inc. when tested to determine vulnerability to external attacks.

Have Questions?

Chat now with
a WebChartMD
staff member.