Security
- Do we use a secure website?
- ALL communication between your site and ours uses 256-bit SSL encryption, including the upload application.
Attempts to access our web application without using SSL are automatically redirected to a secure connection.
- Users
- Since we deal with HIPPA protected information, every user with access to our system is required to have a private sign-in with a personal password. We do not allow shared logins or anonymous access.
- What rights do users have?
- At least one person at your account must be designated as an Administrator with full rights. The Administrator can then grant or revoke rights to any part of our application for each specific user at your account. We have the ability to limit rights to a very granular level, for example, you may have a user that can view existing patients, but can not add or edit patients.
- Who can add or delete a user?
- We will assist in the initial setup and configuration, after that we encourage the designated Administrator at your site to manage local users. The Administrator can add new people, deactivate existing people, change rights, reset passwords, etc. As part of our policy, we will not, for example, reset a password based on an email request.
- Who can see passwords?
- Passwords are never visible to anyone. Passwords are never transmitted between machines or stored in an unencrypted form and we cannot tell someone what their password is.
- Can we work with your “Single-Sign-On” system, such as Microsoft Active Directory?
- No. Our security system is completely independent and has no access to your network security.
- Do we keep any data in cookies?
- We use only a random, temporary “session” cookie while a user is signed in to the system. We do not store any persistent information on the local computer.
- Do we require that passwords be changed periodically?
- We try to allow you to implement your password policies on our system. There are a variety of configurations.
- What are our minimum password requirements?
- You may choose between allowing a simple password of six or more characters, or requiring a “complex” password with a mixture of uppercase, plus lowercase, plus numbers.
- Do we have a timeout due to inactivity?
- Our default timeout is after 60 minutes of no activity. You may configure your account to timeout anywhere from 5 to 60 minutes. We encourage users to sign-out when they are not using the system and we conveniently place a sign-out button at the same location on every screen.
|
|
