DocuMed is committed to meeting HIPAA (Health Insurance Portability and Accountability Act) compliance. We remain diligent in our internal security guidelines and continuously work to achieve the highest security levels possible. Our focus aims to protect the confidentiality of all privileged patient and client information stored internally and transferred over public networks. As part of our total commitment to security and HIPAA, DocuMed has addressed these key areas:

  Access Security

DocuMed uses the latest technology software to ensure that only authorized users can access the DocuMed software and website.  Each user is authenticated by a strong userID and password.  Information pages are only available to authorized users and are managed by role-based authentication procedures. We use firewalls and anti-virus software to block unauthorized access.  DocuMed remain diligent in managing access through business practices that ensure that only current employees and clients are authorized.  Background checks are also conducted on DocuMed employees and vendors.

  Data Architecture Security

DocuMed uses multiple features of Microsoft's ASP.NET Web application architecture to maximize its security protection efforts. Various approaches to authentication, authorization and secure communication are used throughout your application's multiple tiers to ensure a defensible security strategy.

The diagram below summarizes the various technologies available by Microsoft together with the primary authentication and authorization options provided by each one.



.NET Web Application Security

  Physical Security

The DocuMed data center operates in a secure site with on-site security professionals to monitor physical access to the site 24 x 7.  Access to the data center is through secure card verification.  Our security measures include stringent personnel access which subjects people requesting physical access to multiple levels of identity verification.

  Security Awareness Training

To work effectively, IT security must be regarded as an attitude. Providing firewalls and antivirus software and intrusion detection will only get you so far.  DocuMed offers security awareness training to all of its full-time staff in order to be diligent in avoiding an IT security breach.  The weakest link in a company's defenses is almost always a person rather than a lump of technology.

  Penetration Testing

There's only one way to discover the true state of IT security, and that's to try breaking it.  DocuMed uses automated software products which try to mimic the behavior of a typical hacker. But the best way to discover the full truth about the state of your security is to undergo a penetration test which identifies security holes, then plugs them.

  Business Continuity Planning

Business continuity planning (BCP) help us plan to keep our doors open in the face of both natural and human-made problems while minimizing the impact of disruptions on customers and business operations. We start by working with our business unit managers to prioritize the recovery process with the criticality of the business function. The planning, testing, and execution of a business continuity plan are a constant and ongoing effort that has to reflect changes in the makeup of the business and changes in the threats that the business faces.  Here are the steps we have taken: