Inside EHR Security
Understand the different points of EHR security. Get the details on Practice Fusion's secure EHR, from access control to our world-class hosting facilities.
Practice Fusion Security
Introduction
Security has been paramount in the design of the entire Practice Fusion system. The following details the key security‐related aspects, including user access control, data communication, and Practice Fusion’s data center.
Access Control
Access to the data within the practice is controlled by solid user authentication, user login time windows, user inactivity timeouts, the enforcement of strong login passwords, well defined user roles and access levels. In addition, there is total separation of all data belonging to each practice for absolute privacy and confidentiality.
Communication Security
All data sent between the client UIs and the Practice Fusion servers is encrypted using SSL/HTTPS. Practice Fusion utilizes ultra‐secure tokens; unlike simple numerical database IDs which are easy to guess, Practice Fusion uses 64‐byte hexadecimal strings which are virtually impossible to guess. The number of possible tokens is 16^64 = 1.158*10^77. For those mathematicians out there, this result is close to the estimated number of atoms in the universe.
Data Center Security
Physical Security
Practice Fusion data centers strictly monitor access to all locations using keycard protocols, biometric scanning protocols and continuous interior and exterior surveillance.
- Access limited to data center personnel only without exception.
- All data center employees undergo thorough background security checks before being employed.
- Co‐location of data centers for alternative site hosting in the unlikely event a site is unavailable for a period of time.
Precision Environment
All data centers’ HVAC (Heating Ventilation Air Conditioning) systems are N+1 redundant, ensuring that a duplicate system can immediately come online in the event of an HVAC system failure.
- All air is circulated and filtered every 90 seconds to remove dust and contaminates.
- An advanced fire suppression system designed to stop fires from spreading in the unlikely event one should occur.
- All cables are securely tied down with cable racks suspended from ceilings providing dual routes for all cables.
Conditioned Power
In the unlikely event of a total utility power outage, all data centers’ power systems are designed to run uninterrupted with all servers being fed conditioned UPS (Uninterruptible Power Supply) power.
- The UPS power subsystem is N+1 redundant, with instantaneous failover if primary UPS fails.
- For extended utility power outages, routinely tested, on‐site diesel generators can run indefinitely.
Core Routing Equipment
- All co-located data centers use only fully redundant, enterprise‐class routing equipment.
- All routing equipment is housed in a secured core routing room fed by its own redundant power supply.
- Fiber carriers enter facilities as disparate access points to guard against service failure.
- All servers are also protected by dedicated Cisco firewalls.
Network Technicians
All data is stored in SQL Server 2005 databases contained in Windows Encrypted File System (EFS) folders. Public key certificates for EFS data recovery agents are stored off‐site in a bank vault. All internal data communications between Practice Fusion servers is encrypted using the standard IPSec mechanism. All Practice Fusion servers incorporate their own software firewalls and malware (virus, worm, spyware, etc.) prevention software.
Security Policies
All Practice Fusion staff are subjected to thorough screening and background checks. All staff access to production practice data is strictly controlled on a “need to know” basis, and is done over highly secure protocols. All data backups are performed using encrypted raw EFS files.
Server Software Security
All data is stored in SQL Server 2005 databases contained in Windows Encrypted File System (EFS) folders. Public key certificates for EFS data recovery agents are stored offEsite in a bank vault. All internal data communications between Practice Fusion servers is encrypted using the standard IPSec mechanism. All Practice Fusion servers incorporate their own software firewalls and malware (virus, worm, spyware, etc.) prevention software.