General
Physicians from any GI office, endoscopy unit, ambulatory surgery center (ASC), or hospital located in the United States are eligible to participate in GIQuIC. If you are located outside of the United States and interested in participating, please contact us.
Facilities can register by completing the GIQuIC Registration Form. Payment is accepted via check, credit card, or electronic payment. A participating site agreement and business associate agreement will also be required in order to register.
A GIQuIC Data Manager is somebody who is designated by a participating facility to be responsible for the administrative operations and support for the registry. It is recommended to have one Data Manager per every ten physicians. Click here for more information about the role of the Data Manager.
Training will be provided to every person a site designates to be a GIQuIC Data Manager and is also offered to physicians interested in learning about GIQuIC. Click here for more information about GIQuIC training.
GIQuIC will use the data to help further the goal of improved patient medical care, which may include general educational and research purposes. GIQuIC will not, in any way, use the data contrary to applicable federal or State laws, including laws with respect to the privacy of medical information, or that discloses information attributable to specific, identifiable patients or physicians.
Reporting
Yes, all of the data submitted to the registry is accessible by GIQuIC Data Managers in the form of patient records, in the form of quality measure reports, and in the form of a data download where every data field for every patient can be downloaded to a file.
Once data is entered into the registry, measure reports can be immediately generated. For more information about GIQuIC’s real-time reporting functionality, please click here.
Data Privacy/Technical/Security
Yes, all data in GIQuIC is hosted on Amazon Web Services (AWS) GovCloud. AWS GovCloud encrypts the data at rest with Advanced Encryption Standard (AES) 256-bit encryption.
All data submitted to the registry by or on behalf of a site or practice remain the proprietary information of that site or practice and may be used by GIQuIC and its designees only in accordance with the terms of the GIQuIC Participation Agreement.
The GIQuIC application dashboard is web-based and hosted on AWS GovCloud which is compliant with multiple security standards. Please refer to the compliance details of AWS at: https://aws.amazon.com/compliance/programs/.
It is recommended that Google Chrome be used to access GIQuIC.
Yes, GIQuIC is HIPAA compliant and was built on a platform by our partner vendor, FIGmd, and continues to be maintained by FIGmd. It works on Secure HTTP Protocol (on Port 443) and employs TLS 1.2 cryptographic transmission protocol. Hosted on AWS GovCloud, data at rest is encrypted with AES 256-bit encryption on the cloud and data in transmission within the cloud is encrypted with RSA 2048-bit encryption.
Access to GIQuIC is based on defined user roles. These roles determine the specific menus, tasks, and information to which a user has access. There are standard procedures in place for password selection, expiry, and renewal for respective users that prevent unauthorized access to the registry.
The GIQuIC registry is accessed via individual username and password. Passwords are encrypted using an AES encryption key and transmitted to the server where they are compared to the encrypted password stored in the database. The communication of the encrypted password is secured using Transport Layer Security (TLS). Passwords are never visible in an unencrypted format.
We host the data on AWS GovCloud. Amazon Web Services monitors its data centers 24*7*365. Please refer to the compliance details of AWS at https://aws.amazon.com/compliance/programs/.
FIGmd makes a daily differential backup and a weekly full backup of the data, and the backup data is stored on AWS S3 Buckets.
In case of disaster, data can be restored from AWS S3 buckets within defined Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).