We take HIPAA and security very seriously.
Our system is a complex combination of software and hardware. There is a web server in the center; it has virtually no limits when it comes to the amount of traffic, space and users it can handle. We have email, database, FTP and storage servers linked to our web server 24/7; and there are multiple dial-in servers for phone-in dictations. In addition, we have a backup location where all of the information is transmitted each night. All of our servers are located in the nationally recognized data centers. When old data is purged out of system, it is first backed up on external hard drives and then put into a safe deposit box in the bank.
Security Measures. Most our servers are Linux based. In addition to having standard protection features such as firewalls, anti-virus and scheduled system upgrades, we enforce several other security measures. For example, our Apache and PHP are always running in the safe mode. In addition to firewalls, our code can also distinguish different types of hacker attacks and defend our systems against them. Our email servers have the same password rules and regulations as web servers.
Logging Functionality. We use logging very extensively. We track and keep logs of user actions, document downloads, faxing, emailing, electronic signature, etc. Most of these logs are stored in the main database, while records of the table holding the log cannot be purged out, altered, deleted or archived. Only registered users can use our solution. Every screen which asks a user to enter a user ID or password is protected by security certificate.
Password Guidelines. We have password guidelines which we recommend to our users. Our system enforces password protection as well; such as making sure that there are no duplications of user IDs and passwords, and making sure that the password does not contain repetitive characters, while limiting the number of characters in length. Our system does not record passwords into the database. Instead, it records a hash value of the password. It means that when you enter a password, our system can verify that the password is correct without knowing the real password. That is made with the purpose of protecting your password - even our employees with the database access will not be able to obtain your password and falsify your signature.
We will maintain a permanent backup for all your transcription work as long as you are our customer at no charge.