PIMS Resource Center

Last updated 13 Sep 2011

In 2003, responding to the Health Insurance Portability and Accountability Act (HIPAA), PCA America improved the security and privacy of PIMS data. Although these improvements should help sites comply with the HIPAA regulations, there is no officially sanctioned method for certifying that the database software itself is “HIPAA compliant.”  It is ultimately each individual site’s responsibility to decide whether PIMS will meet their privacy and security needs.

HIPAA Compliance Measures

Automatic Logoff

  • Program closes if user is idle in PIMS for a set period of time (default is five minutes)
  • A warning is displayed one minute before automatic logoff occurs
  • System-wide auto logoff, if desired, must be configured on each server or in Windows

Protected Health Information

  • “Limited Data Set” contract may be used with sites sharing data
  • PIMS exported data set strips out names, postal address information (other than city, state, zip), and phone numbers; participant IDs are encoded
  • De-identification function features a more sophisticated encryption algorithm, and a password-based de-encryption function

Data Security

  • PIMS data tables can only be opened using the PIMS workgroup file and a recognized PIMS user account.
  • User-level access to data can be configured using the Staff Accounts Manager.

  © Copyright 2007-2019 Prevent Child Abuse America. All rights reserved.