Is Your Patient Information Secure?
For most websites, using a shared server (also known as “shared hosting”) is sufficient. Using a shared server – rented from a company that provides such services – is an inexpensive way to get information onto the Internet and is quite acceptable for many purposes. However, to ensure the safety and security of your data, PatientStudio runs its own data center operations with its own servers. Your database runs on a set of secure servers used for PatientStudio only, and nowhere else.
PatientStudio uses Windows Server software to run its servers. Windows Server is an excellent product. Unfortunately, as many people know, Windows Server software is continually attacked by hackers. To prevent hackers from penetrating our servers, we follow the security plan suggested by Microsoft itself. We automatically download and install security patches from Microsoft every day. We also automatically download the latest virus definition files from Norton for their corporate antivirus software every day.
In addition to keeping our data secure on the server, we use Microsoft’s New Technology File System (NTFS), which is Microsoft’s most secure file system (the system that actually stores your data on the server’s hard drives). To access data, you need passwords. We use what are known as “hard” passwords and change them often.
Not even the employees of the data center where our servers are located have our passwords or any access to our servers. (For more information about choosing good passwords, see the United States Computer Emergency Readiness Team’s article “Choosing and Protecting Passwords”: https://www.us-cert.gov/ncas/tips/ST04-002)
The people behind PatientStudio include a team of server experts who work every day monitoring our servers, watching their performance, and administering their security.
Secure Internet Connection
PatientStudio has both a public website and a private, secure website. Anyone on the Internet can navigate to the public website; like other public websites on the Internet such as the Microsoft website, www.microsoft.com, or the Google website, www.google.com, there’s no need to provide security. The PatientStudio secure, encrypted site is where our clients’ management accounts with personal/health information are hosted and protected from prying eyes.
When a PatientStudio client logs in using a web browser, they will see a small image of a lock next to the URL towards the top of the page. They will also notice that the URL in the address window changes to https://app.patientstudio.com. This lock and the change to HTTPS indicate that the page being displayed is transferred between your computer and the PatientStudio server using Secure Sockets Layer (SSL).
SSL uses technology and algorithms to encrypt data transferred between the PatientStudio server and your computer, so that if the data is intercepted during the transfer, no one looking at it can make heads or tails of the data. Once the data is on the PatientStudio server, the data is decrypted into its original form as necessary. Likewise, no one can make sense of the data coming from our server to your computer, and only your computer’s browser will be able to decrypt it.
Just as you would not allow just anyone to access a patient’s chart when using paper charts, the same holds true for online forms and storage of electronic information. Since access to PatientStudio is password protected, the practice should use caution as to which individuals receive the passwords. If a staff person leaves the practice, it is prudent to change the password to your PatientStudio app.
Once the practice has imported the patient information from PatientStudio into its own practice management software or EMR, the practice has the option of deleting the forms from PatientStudio.