1. SECURITY

1.1. Physical Security

1.1.1.
In addition to internal safeguards built into the ImageExpres™ system, external safeguards are in place to ensure that access to the computerized system and to the data is restricted to authorized personnel.

1.1.2.
The ImageExpres™ servers are stored in a locked, secure location. Unauthorized access is prohibited.

1.1.3.
ImageExpres™ is operated on servers which function exclusively to provide service to the ImageExpres™ application. The servers are isolated in an environment that houses the servers. These servers are not shared with any other parties and no other applications may reside on these servers.
1.1.3.1.
Remote access software at the server location has been removed so that it is impossible to gain access through a web portal into the servers at the server location.

1.2. Transmission Security

1.2.1.
ImageExpres™ is a web-based application using HTTPS technology.

1.2.2.
HTTPS is the protocol for accessing a secure Web server where authentication and encrypted communication are possible. Using HTTPS in the URL instead of HTTP directs the message to a secure port number rather than the default Web port number.

1.2.3.
The Secure Socket Layer (SSL) is a protocol for encrypting data across a secure connection from a client to a server with SSL capabilities. The server is responsible for sending the client a certificate and a public key for encryption. If the client trusts the server’s certificate, an SSL connection can be established. All data passing from one side to the other will be encrypted. Only the client and the server will be able to decrypt the data.

1.2.4.
ImageExpres™ uses a secure T1 line to the Internet with a bandwidth of 1.5Mbytes per second installed by Verizon and supported by RealLinx.

1.3. Files are transmitted through an SSL (1.3.2) with an SSL Digital Encryption Certificate provided by DigiCert.

1.4. ImageExpres™ uses a dual router system to provide maximum firewall protection.

1.5. ImageExpres™ uses two distinct servers, a web-based server and a separate database server.

1.6. ImageExpres™ uses the full development/enterprise version of Microsoft SQL Server.

WHY IMAGEEXPRES IS NOT A “BUSINESS ASSOCIATE”
The following information is excerpted from the U.S. Department of Health and Human Services' website. It explains why ImageExpres™ is not considered a "business associate" under the HIPAA Privacy Rule.
“Other Situations in Which a Business Associate Contract Is NOT Required:
When a person or organization that acts merely as a conduit for protected health information, for example, the US Postal Service, certain private couriers, and their electronic equivalents.”
Extracted from 45 CFR 164.502(e), 164.504(e), 164.532(d) and (e) OCR HIPAA Privacy, December 3, 2002, Revised April 3, 2003
TERMS OF SERVICE AND USE