Unique identification of users.
To provide a high-quality, secure service, we recommend all users to have a unique username that is linked to a valid email address.
System passwords are meant to serve as the last line of defense in protecting sensitive records, as well as billing and financial information. They serve as a deterrent to malicious agents as well as protection against casual or accidental lowering of security through carelessness.
The passwords are encouraged to be as long as possible and to maintain a level of complexity such that they will not be easily guessed or cracked by a determined attacker. We require six or more alphanumeric digits. Of these digits, at least one must be an uppercase letter, at least one must be a lowercase letter, and at least one must be a numeral. User passwords expire every 90 days. Upon expiration, the new password chosen cannot be any password used within the preceding year. A user may change his or her password at any time.
Restricted access permission levels.
Every user in the system has an individual level of access. Each user can be assigned an unlimited set of permissions and user associations.
We use the same level of security as the U.S. Department of Defense. That means your secrets ? communications, billing records, patient data ? are safe with us.
- Data exchanges protected by industry standard SSL security
- Advanced Encryption Standards (AES) 256-bit encryption (Encryption level is based on geographic location and browser capability)
- Continuous intrusion detection
- Remote system works well with firewalls (requires access to outbound ports at both ends of a connection)
- Database applications run on geographically separated high-security data centers
- Controlled access primary servers are camera monitored and recorded with on-site, 24/7 security
- Primary security facility features:
? Redundant electrical power
? Multiple load-balanced fiber-optic internet service providers
? Redundant real-time data backup systems
Site locking/timing out.
All sign-ins are protected by an account lock-out system. If a user incorrectly attempts to authenticate three times, his or her user account will be locked and the user will be required to reset his or password.
The database will automatically log out if left unattended for more than thirty minutes. Correct login credentials of the user will need to be provided prior to using the application again.
Changes to this security policy.
We may update this policy at any time for any reason. If there are any significant changes to how we handle security, we will send a notice to the contact email address specified in your company?s account or by placing a prominent notice on our site.
If you have questions or suggestions, please contact us via email.
To report a security violation, please call us at 1-888-283-5023, extension 5860.