Your data is stored on self-encrypted drives on virtual private servers at remote data centers in the United States. Data centers are unmarked to maintain a low profile, and physical access is limited to data center technicians and controlled by biometric sensors. Security cameras provide 24/7 monitoring, and staff are on-site around the clock.
Server systems are protected from virtual intrusion or disruption. Your system is installed on a hardened, patched operating system, with system patching configured to provide ongoing protection from exploits. Dedicated firewalls and VPN services help to block unauthorized system access to the server, and measures are in place to mitigate distributed denial-of-service attacks.
As an additional layer of protection against data loss, your data is backed up every 12-24 hours.
Secure System Access
We have strong operational security measures in place to protect against unauthorized access to your data, including:
- Password policies in place to ensure that strong passwords are used and are changed periodically, in accordance with password best practices.
- Logging, including IP address, date, and data requested, of all data requests and login attempts.
- Automatic user account lock-out after multiple successive failed login attempts.
- Automatic user logoff after a period of inactivity.
- Password-protected databases.
- Differentiated levels of access permissions based on user and role.
- DOM intrusion detection – intrusion attempts are automatically reported to, and monitored by, the system administrator.
Secure Data Transmission
Your data is well protected while in transit. All data transmissions to or from the EMR are forced over 128-bit or 256-bit Secure Sockets Layer (SSL)-encrypted channels, and most file uploads occur over HTTPS (HyperText Transfer Protocol with SSL). In addition, file transfers occur over Secure Shell (SSH), a network protocol for secure data communication over an unsecured network (such as the internet).