Clinical Outcomes Resource Application Corporation (CORA) is committed to promoting health information stewardship.  Our objective is to provide clinical information that promotes improvement in healthcare quality while maintaining individual patient privacy.  

Because health information is highly sensitive, we hold the principles of privacy and data protection in highest regard.  We believe this same health information can be used wisely and responsibly to provide valuable resources and education that translate into real value for both providers and patients. 

Our business model is to provide objective benchmarking information and outcome data to consumers and manufacturers of products related to dialysis.  As a company, we are patient privacy and data protection advocates de-identifying individual patients and sensitive data.  Assuring appropriate leadership, CORA has a privacy officer whose role is to ensure data integrity and security. 

CORA’s  leadership is based on a set of shared beliefs:

1. The foundation of our privacy commitment to patients is rooted in our use of de-identified patient information in all reports and services. 

2. CORA’s clinical reporting services and resources create value for the entire dialysis community. However, security is important, and we will protect the integrity of personal data and health information in our charge. Our privacy officer has authority to take measures that are proportional to the privacy risk.

3. We will be open about our services and products and, where required, offer appropriate choices for information collection or use to stakeholders in the healthcare community. However, CORA commits to not share any information with vertically integrated providers of dialysis products and services without prior written consent.

These core beliefs are a baseline set of values shared by all at CORA.  We put these beliefs into action through policies, guidelines and internal procedures that are reflective of our privacy commitment. We expect to be held accountable for these practices and will proactively audit our policies, guidelines and procedures to measure our compliance.

For more information, please contact our privacy officer.

Security

The Clinical Outcome Resource Application is adequately safeguarded by technology utilized at Bellco Health.  These technologies work to guarantee the availability, security and privacy of important sensitive data.

The CORA system is run on redundant dual-processor Dell Servers running Microsoft’s Windows 2003 to allow for failover in the event of application or database failure.  Also, the system belongs to a locked data center with redundant Internet Service Providers and a large UPS system to guarantee power.  To ensure access even following a large disaster, backup tapes are stored offsite with Iron Mountain and Sungard has arranged redundant systems in a separate state. 

The CORA system is protected by two stages of application layer firewalls as well as an Intrusion Protection System.  Both are monitored on a 24/7 basis by a qualified staff and audited yearly by Price Waterhouse Coopers.  In addition, all browser communication with the CORA system is encrypted using industrial strength 128-bit SSL encryption from Verisign.  Lastly, all operating systems and applications used in the CORA system have been locked down according to best practices dictated by software vendors such as Microsoft and IBM.

The CORA system uses Microsoft’s Active Directory to ensure that all customers have passwords that meet a secure complexity standard.  IBM WebSphere Portal ensures that the information that each customer is presented with will be privately tailored and secluded from other users.

By ensuring that data is always readily available, secure and private CORA is well suited public electronic use.