916.542.1368 info@webpathlab.com

WebPathLab is HIPAA Compliant

In the event of a catastrophic disaster, be it flood, fire, hurricane, or earthquake, your data will not only remain safe, but also accessible from any internet-capable device so you can continue working as soon as possible. Additionally, the system has strict security measures to prevent access by unauthorized users and hackers, and to protect against ransomware attacks.

How Secure Is WebPathLab?

WebPathLab Security and Compliance Overview

WebPathLab is designed as a secure, cloud-based Laboratory Information System (LIS) that prioritizes the protection of electronic protected health information (ePHI) in compliance with HIPAA Security Rule requirements, including technical safeguards for access control, audit controls, encryption, and transmission security.

Access Control and Authentication
Written procedures and defined access privileges ensure that authenticated users are restricted to only those functions and data necessary to fulfill their job responsibilities, adhering to the principle of least privilege.

The system provides comprehensive instructions—via detailed written documentation and interactive demos—for Laboratory Managers to securely assign, modify, or revoke user access, as well as to monitor and track user activity.

Role-based access control (RBAC) supports multiple privilege levels based on user roles and responsibilities. Permissions are granular, extending to individual pages, modules, and actions within the LIS, preventing unauthorized access or modification of ePHI.

Data Protection and Encryption
All data is encrypted in transit using industry-standard protocols (including 128-bit or higher encryption compatible with HIPAA expectations).

Data is hosted in a HIPAA-compliant data center on Amazon Web Services (AWS), a leading provider with over 100 HIPAA-eligible services and robust security certifications. A valid digital certificate (SSL/TLS) is verifiable at any time by clicking the padlock icon in the browser's address bar.

Daily automated backups ensure data availability and support disaster recovery, with all backups maintained under the same stringent security controls.

Audit Trails and Monitoring
WebPathLab maintains comprehensive audit trails that log every keystroke and database interaction, including:

  • The specific page and field affected,
  • The username of the performing user,
  • A precise timestamp.

This granular logging applies to every case and supports HIPAA-required audit controls for recording and examining system activity involving ePHI, enabling proactive monitoring, incident detection, and regulatory reporting.

Physical and Network Security
As a fully cloud-hosted solution, the LIS does not reside on laboratory premises, eliminating on-site physical security risks. All servers are managed within AWS’s secure, multi-layered infrastructure featuring:

  • Dual firewalls and advanced network protections to defend against unauthorized access, hackers, and ransomware.
  • Strict authentication requirements for all access attempts.
  • Automatic account lockout after five consecutive failed login attempts to mitigate brute-force attacks.

These features collectively safeguard system integrity, confidentiality, and availability while aligning with HIPAA technical safeguards and best practices for anatomic pathology laboratories.

What is HIPAA?

HIPAA is part of Title 45 of the Code of Federal Regulations (45 CFR), sections 160, 162 and 164, as published by the US Department of Health and Human Services.

To view an electronic copy of the Code of Federal Regulations, Title 45 – Public Welfare; sections 160, 162 and 164, click here. This website is provided by the National Archives and Records Administration.

Key sections are:

164.306 Security Standards, General Rules
164.308 Administrative Safeguards

Issues of special interest to the US Dept. of Health and Human Services are recovery of data under a disaster recovery plan, protection of data from theft or unauthorized use, and security policies and procedures.

This publication is HIPAA 101 for Health Care Providers, and it was published by the US Dept. of Health and Human Services.

For further helpful resources, visit hhs.gov or cap.org.

Phone: 916.542.1368

FAX: 866.875.3915

Email: info@webpathlab.com

101 Parkshore Dr. Folsom, CA 95630
