ePatientHistory.com fully complies with the HIPAA safeguard standards to ensure that your data is safe and secure. Special precautions to make sure that your data doesn't disappear because of hardware failures, fire, theft or carelessness in software development have been employed. We have established security measures to prevent access to your data by unauthorized users on the Internet, hackers or theft of our servers.
SECURITY OF YOUR DATA
ePatientHistory.com maintains two sites: one public and one secure. The public site may be accessed by anyone on the Internet, contains no sensitive data or information, and there is no need to provide security. The secure site is protected by an SSL Certificate indicated by a small "lock" icon in the status bar on most browsers. This icon indicates that the page you are on communicates with the web server using SSL (Secure Socket Layers) and that all data exchanged between your computer and the ePatientHistory.com server is encrypted during transfer. Should this information is intercepted along the way, it will be completely indecipherable.
Once the data is on the server, our web server can decrypt the data into its original form. The data coming from the ePatientHistory.com server to your computer is also encrypted and only your computer's browser will be able to decrypt it.
Local Encryption for Increased Protection
All data sent between your computer and our servers is encrypted, however only certain data needs to be maintained securely on the server itself. Besides your user password, sensitive patient information is saved to our database in an encrypted format that is not "human-readable", nor can it be decrypted. This ensures that the data remains secure in the event a hacker gains access to our server or hardware is stolen from our data center. In the unlikely event either of these events happen, a hacker or thief will be unable to decrypt the database.
SAFETY OF YOUR DATA
We take every possible precaution to prevent accidents from occurring that may damage or delete your data. Since we cannot guarantee that accidents will not happen, we guarantee to maintain full backups of your data, and are prepared to restore your data in case of an emergency. This is the key to the safety of your data.
Our Servers
Your data is stored on dedicated servers, meaning we do not share space on a server with other websites. This is very important because shared servers (or shared hosting) are computers used by more than one customer at a time. For most simple websites, this would be sufficient. Hosting on a shared product is an inexpensive method for launching a site on the web and is quite acceptable for most purposes. However, when entrusted to ensure the security of patient data, it is not an acceptable option. Software from other company or individual websites operating on a shared server allow the potential to access your data. For this reason, ePatientHistory.com is operated on completely dedicated servers.
Backup of Your Data
Your data is backed up onsite and offsite to different servers every night. Your data is first backed up to local transaction logs in the event that the database were to crash, we could restore it within minutes. Transaction logs are created every hour.
Next, both the transaction logs and the original database are copied to another local server within the same secure local every night. If a machine were to break, we could easily restore the data to another machine and be up and running within a short period of time.
Afterwards, the data is automatically transferred offsite to another location. In the event of a fire, theft or major catastrophe where the machines or the secure data center are lost, we could restore the data to machines in another location.
Class A Data Center
Our server is located in a Class A data center, which ensures a safe, climate controlled environment with reliable redundant connections to the Internet, operated by experts and offering us the following features as well as physical security, intrusion and attack prevention, monitoring and advanced data encryption:
Redundant Power Feeds From Separate Power Grids
Redundant Power Distribution Units
Redundant UPS Battery-Backup Systems
Generator Backup For Entire Building With Automatic Transfer Switch s
Redundant Liebert Temperature/Humidity Control Units
State-Of-The Art Fire Suppression
SAS 70 Type II Certified Physical Data Center Security Controls
HIPAA Compliance Support
Enhanced Access Protection
Enhanced Firewall Support
Enhanced Password Management
Detailed Audit Tracking
Encrypted Offsite Backups
Data Destruction Services
Recording Of Data Movements
Facility Logs & Audits
OWNERSHIP AND MANAGEMENT OF YOUR DATA
The data collected and stored in your ePatientHistory.com database belongs to you and your practice. In the Admin Panel for your account, there is a link to download a Comma Separated Values (CSV) file used for the digital storage of data structured in a table of lists form. CSV files are often used for moving tabular data between two different computer programs, for example between a database program and a spreadsheet program, or EHR system. You always have access to the contents of your database and can download those contents at will by clicking "export records".
Your Admin Panel allows you to manage patient records, deleting non-active patient records or incomplete registrations. With one click of the "export records" button, you can save a file of all records prior to making any deletions. Should it become necessary, deleted records could be restored to your patient database using a previously downloaded CSV file.
Due to the cost involved to setup and maintain a HIPAA compliant database for your account, payment for hosting one year in advance on our server is required. It is our intent to ensure that you elect to renew your service with ePatientHistory at the end of each year. However, a decision not to renew simply results in termination of your online service, not loss of your digitized patient data.