This security policy pertains to the security measures in place at Med DataLink GI for the protection of personal and protected health information. MDLGI.com is HIPAA compliant and all data is encrypted at rest.
Med DataLink GI may, at its sole discretion, use and/or publish de-identified information for research, training, clinical, and other purposes.
To comply with HIPAA requirements and to provide a high-quality, secure service, we require all users to have a unique username that is linked to a valid email address.
System passwords are meant to serve as the last line of defense in protecting sensitive patient medical records, as well as billing and financial information. They serve as a deterrent to malicious agents as well as protection against casual or accidental lowering of security through carelessness.
Users are encouraged to make passwords as long as possible, and passwords must maintain a level of complexity such that they will not be easily guessed or cracked by a determined attacker. We require 6 or more alphanumeric characters. Of these characters, at least one must be an uppercase letter, at least one must be a lowercase letter, and at least one must be a numeral. User passwords expire every 90 days. Upon expiration, the new password chosen cannot be any password used within the preceding year. A user may change their password at any time.
Every user in the system belongs to one or more access levels. Each user is assigned a set of permissions determined by the administrator of the account. These permission levels are editable as deemed necessary by the account administrator.
Based on access permission, users will sign into their database account in order to submit technical data or access data analyses. Such sign-ins and all data exchanges (uploads and downloads) are protected by industry-standard SSL security. All communications are secured with public-key Advanced Encryption Standard (AES). Our website is published at the high-grade 256-bit encryption level, which exceeds HIPAA requirements. However, your level of encryption will be determined primarily by your browser's capability and possibly by your geographic location. For optimal security, we recommend using recently updated browser versions.
Your browser will typically display an indicator (such as a "lock" icon) when using a secure SSL connection. In order to obtain third-party verification of this website's identity and to confirm your level of security encryption, please click on your browser's lock icon.
Our database applications run on synchronous servers hosted in several geographically separated high-security data centers. These data centers are secured by magnetically locked doors that require key cards, biometric identifiers, and other protective measures for entrance. Monitored, recording cameras are located in the data center housing the primary servers. The primary facility has redundant electric power, multiple load-balanced fiber-optic internet service providers, redundant environmental controls, and redundant real-time data backup systems.
All sign-ins are protected by an account lock-out system. If a user incorrectly attempts to authenticate three times, their user account will be locked and they will be forced to reset their password.
In accordance with HIPAA policies, the database will automatically log the user out if left unattended for a period of time. The user will need to provide correct login credentials before using the application again.
Please email us if you have questions or suggestions.
To report a security violation, call us at 888-283-5023 ext. 5841.