Clinical eNotes Security

The Clinical eNotes Team prides itself on the deliberate, careful and compliant implementation of security controls at every layer of the application to protect all stored patient data.  The following are highlights of the security controls and practices used to protect the Clinical eNotes solution:

Business Continuity Planning - Our plans include secure offsite data storage, a recovery site and a contingency plan that ensures the survivability of our mission-critical services.

Data Security - Processing transactions securely on the web that involve sensitive data such as patient records requires that information exchanged between the web server and the customer be encrypted in transit.  Clinical eNotes protects all data exchange between the user's browser and our web server with SSL/TLS using 128-bit encryption, under a server certificate issued by Thawte, a well-known certificate authority.  All personal health information stored on the Clinical eNotes servers is also encrypted at rest.
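The "128-bit" figure above describes the symmetric cipher suite that TLS negotiates, not the certificate itself; the certificate only binds the server's identity and signing key. The practical check a reviewer wants is that the server offers nothing weaker than that, and only authenticated (AEAD) suites with forward-secret key exchange. The following Python script is an added illustration of that check, not code from the Clinical eNotes product; it uses only the standard library, and the cipher string, the 128-bit floor and the LEGACY_CIPHERS sample list are assumptions constructed for the example.

```python
"""Audit a TLS configuration for the 'at least 128-bit, authenticated encryption'
property.  Added example; hypothetical, not the Clinical eNotes implementation."""
import ssl

MIN_STRENGTH_BITS = 128  # assumed floor, matching the page's stated 128-bit encryption


def hardened_context() -> ssl.SSLContext:
    """Server-side context that negotiates TLS 1.2+ with forward-secret AEAD suites only.

    The cipher string is an assumed example policy: ECDHE key exchange with
    AES-GCM or ChaCha20-Poly1305, and explicit exclusion of anonymous, null,
    MD5, RC4 and 3DES suites.  A real deployment would also load its key pair
    with ctx.load_cert_chain(); that is omitted here so the audit runs offline.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def weak_suites(ciphers, min_bits=MIN_STRENGTH_BITS):
    """Return the names of suites that fall below the bit-strength floor or lack AEAD.

    `ciphers` is a list of dicts shaped like ssl.SSLContext.get_ciphers(), so the
    same function audits a live context or a constructed list.  A suite that is
    nominally 128-bit but not AEAD (e.g. CBC-mode with a MAC, or RC4) is still
    reported, because the page's guarantee is about encryption strength and
    a 128-bit key does not help when the cipher itself is broken.
    """
    return [c["name"] for c in ciphers
            if c["strength_bits"] < min_bits or not c["aead"]]


def audit_context(ctx: ssl.SSLContext):
    """Audit a live SSLContext; an empty list means the policy holds."""
    return weak_suites(ctx.get_ciphers())


# Constructed sample of a legacy cipher list, shaped like get_ciphers() output,
# standing in for an old server configuration.  Not captured from any real host.
LEGACY_CIPHERS = [
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "strength_bits": 128, "aead": True},
    {"name": "AES128-SHA",                  "strength_bits": 128, "aead": False},
    {"name": "DES-CBC3-SHA",                "strength_bits": 112, "aead": False},
    {"name": "RC4-MD5",                     "strength_bits": 128, "aead": False},
    {"name": "EXP-RC4-MD5",                 "strength_bits": 40,  "aead": False},
]


if __name__ == "__main__":
    print("hardened context, weak suites:", audit_context(hardened_context()))
    print("legacy sample,     weak suites:", weak_suites(LEGACY_CIPHERS))
```

Run against the hardened context the audit returns an empty list; run against the legacy sample it flags everything except the ECDHE AES-GCM suite, including RC4-MD5, which advertises 128 bits but is rejected because it is not an AEAD construction. The same `weak_suites` function can be pointed at a list built from a scanner's output to review a production server without touching its configuration.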

Intrusion Detection - Our infrastructure is protected and monitored by intrusion detection and prevention mechanisms that allow a trained on-duty professional to respond to potential security incidents 24 hours a day, 7 days a week, 365 days a year.

Systems Security - Our certified cadre of systems administrators ensures that systems remain up to date by applying the latest security updates and vendor-recommended upgrades.  They follow industry best practices for deploying secure systems into the environment in order to maintain the confidentiality, integrity and availability of the application and its data.

Application Security - Our software development team uses secure coding practices and in-depth application security testing to ensure that code weaknesses and vulnerabilities are found early in the development process and quickly resolved.  Our internal training process keeps the team current on web application attack vectors and threats, and on how to protect against them when developing code.

Physical Security - Our production infrastructure is hosted in a secure facility approved for the storage of sensitive government information, with a security program periodically inspected by U.S. government officials to ensure compliance with government security standards and practices.

Personnel Security - Our internal process reviews all new employees to ensure that they meet strict trustworthiness, financial and criminal background standards.  This process screens out candidates who could place our clients' data at risk through risky personal behavior or inadequate training.

HIPAA - The cornerstone of our security program is adherence to the HIPAA Security Rule as it applies to information systems.  Our in-depth knowledge of the law ensures that our security controls comply with its requirements.

Risk Assessment - We perform risk assessments in accordance with the methodology outlined in NIST Special Publication 800-30, "Risk Management Guide for Information Technology Systems", and other relevant organizational or federal regulations.  During the risk analysis, our team identifies threats and vulnerabilities, analyzes existing controls, makes likelihood and impact determinations, and delivers control recommendations together with the risk analysis results.

Vulnerability Assessment - Our team's in-depth knowledge of tools, procedures and best practices is used to assess the risk to current operations in accordance with NIST guidance.  We employ our extensive toolset and certified personnel to ensure that risk is rapidly and accurately identified in all security areas.

Training and Certifications - Our team meets all security training requirements through our cadre of Certified Information Systems Security Professionals (CISSP) and Certified Information Systems Auditors (CISA), in accordance with frameworks such as DoD 8570.01-M, the Information Assurance Workforce Improvement Program.  Our experienced security team is able to provide security training and assist with certification training for individuals as required by their role.