Safety & Security
Your data is safe and secure with PatientStudio™. Safe - we take special precautions to ensure your data doesn’t disappear because of hardware failures, fire, theft and even carelessness in software development. Secure - we take steps to guarantee your data can’t be seen by prying eyes snooping on the Internet, hacking, or even theft of our servers.
We worry about the safety and security of your data, so you don’t have to. When you send sensitive data to us, we use the standard method of transferring your data across the Internet in encrypted form. And once your data arrives at one of our servers, it’s stored in its encrypted format.
We download Microsoft operating system patches and update our antivirus definition files daily. We own our own servers and we’re the only ones with the passwords, which are changed frequently. We back your data up daily to other local machines and then offsite to another location, always in encrypted form. Our servers are located in a Class A data center with climate control and surveillance systems, supported by redundant connections to the Internet and multiple power failover devices.
Safety Issues
Unsafe data can be lost, can become corrupt or, worst of all, can be destroyed. While we take every precaution to avoid these kinds of incidents, we can’t guarantee they won’t happen—no one can. However, PatientStudio guarantees we’ll have another copy of your data, ready to go in case of an emergency.
As you create or edit your data, whatever changes you make to your database are backed up—in encrypted form—to a local transaction log so that, if your database crashes or is corrupted, we can restore it in minutes. (Transaction logs are created every hour.)
Both your transaction logs and your database are automatically copied to another local server in our secure local data center every night. If the server holding your database fails, we can easily restore it to another server and you’ll quickly be up and running again.
Periodically, your database—again, still in encrypted form—is automatically transferred offsite to another location. In the event of a fire, theft or major catastrophe in which the server holding your database or our entire data center is lost, we can restore your database to a server in another location.
This multi-level approach ensures that your data is as safe as it can possibly be.
Security Issues
PatientStudio has both a public website and a private, secure website. Anyone on the Internet can navigate to the public website; like other public websites on the Internet such as the Microsoft website, www.microsoft.com, or the Google website, www.google.com, there’s no need to provide security. The PatientStudio secure, encrypted site is where our clients’ management accounts with personal/health information are hosted and protected from prying eyes.
Secure Internet Communication
When a PatientStudio client logs in using a web browser, they will see a small image of a lock next to the URL towards the top of the page. They will also notice the URL in the address window changes from http://app.patientstudio.com to https://app.patientstudio.com. This lock and the change to HTTPS indicate that the page being displayed is communicating between your computer and the PatientStudio server using Secure Sockets Layer (SSL).
SSL uses technology and algorithms to encrypt data transferred between the PatientStudio server and your computer, so that if the data is intercepted during the transfer, no one looking at it can make heads or tails of the data. Once the data is on the PatientStudio server, the data is decrypted into its original form as necessary. Likewise, no one can make sense of the data coming from our server to your computer, and only your computer’s browser will be able to decrypt it.
To learn more about SSL, see www.howstuffworks.com/encryption.htm and www.wikipedia.org/wiki/Transport_Layer_Security.
Encryption on PatientStudio™ Servers
As explained above, all the data sent between your computer and PatientStudio’s servers is encrypted. Once it’s on our servers, all sensitive data (such as your user password and the database containing your patients’ records) remains encrypted, and only you know the username and password needed to access it.
Server Security
PatientStudio uses Windows Server software to run its servers. Windows Server is an excellent product. Unfortunately, as many people know, Windows Server software is continually attacked by hackers. To prevent hackers from penetrating our servers, we follow the security plan suggested by Microsoft itself.
We download and install security patches automatically from Microsoft every day. We also automatically download the latest virus definition files from Norton for their corporate antivirus software, every day.
Besides keeping our data secure on the server, we use Microsoft’s New Technology File System (NTFS), which is Microsoft’s most secure file system (the system that actually stores your data on the server’s hard drives). To access data, you need passwords. We use what are known as “hard” passwords and change them often.
Not even the employees of the data center where our servers are located have our passwords or any access to our servers. (For more information about choosing good passwords, see the United States Computer Emergency Readiness Team’s article Choosing and Protecting Passwords - https://www.us-cert.gov/ncas/tips/ST04-002.)
The people behind PatientStudio include a team of server experts who work every day monitoring our servers, watching their performance, and administering their security.
PatientStudio™ Servers
For most websites, using a shared server (also known as “shared hosting”) is sufficient. Using a shared server—rented from a company that provides such services—is an inexpensive way to get information onto the Internet and is quite acceptable for many purposes. However, to ensure the safety and security of your data, PatientStudio runs its own data center operations with its own servers. Your database runs on a set of secure PatientStudio servers — nowhere else.
Class A Data Center
All of our servers are located in a Class A data center (on Long Island, NY, USA), which ensures that they’re in a safe, climate-controlled environment with reliable, redundant connections to the Internet and redundant power fail-over (that is, fallback) devices.
Our professionally staffed data center offers the following features:
- Hardware firewall device to deter and stop attackers before they reach our servers.
- A dedicated Uninterruptible Power Supply (UPS) as an immediate power backup solution.
- Natural gas generators sized to run a full load of all the data center’s servers indefinitely in case of major power outages. (Our servers were online during the New England blackout of 2003.)
- Redundant oversized HVAC systems to ensure the optimal temperature (72 degrees) and humidity (45%) for servers.
- Security access points to restrict unauthorized access, requiring both a security card badge and a security code.
- Digital surveillance camera systems with sixty days of storage to record theft or vandalism.
- 24/7/365 monitored intrusion detection system and a digital surveillance system to protect the premises.