
Security

Viewing of consult information is restricted to a minimal subset of users who have a legitimate “need to know” in order to fulfill their responsibilities. Each Facility contains only the consult information related to a pre-defined organizational entity established at account setup. Within each Facility, a user can view and manipulate only consult records in which he or she has been authorized to participate.

The BioEthx web service is fully protected through Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), DoS/DDoS mitigation, Web application and traditional firewall protection, website vulnerability monitoring, and 24x7x365 operational monitoring and response services. The hosting facility maintains certified compliance with all relevant industry security standards including the payment card industry PCI/DSS standard, and the SAS70 and SSAE 16 service auditing standards.

Network transmissions are protected by the same HTTP/SSL encryption technology used today in e-commerce, online banking, and healthcare applications. It is widely accepted as an effective mechanism for transmission of Private Health Information (PHI) as defined by HIPAA regulations in the US. Should the local policies of a healthcare organization call for alternative methods of encrypting network traffic, BioEthx can offer multiple options to fulfill those requirements, including SSL VPN and IPsec VPN capabilities.

BioEthx is a HIPAA-compliant company and expects to establish HIPAA Business Associate Agreements with each of its customers to protect their interests.