Security & Hosting
HealthOffice® Anywhere applications provide scheduling, documenting, reporting, and compliance functionality that equal or exceed all requirements of local, state, and federal guidelines in a single, easy to use program and contain all of the components every school district must have in order to be accurate, compliant, secure, accountable, and fiscally sound. HealthOffice® Anywhere is IDEA, FERPA and HIPAA Compliant.
Each individual user can only see those areas of the program that they have authorization to access. This provides a clean, clear interface without the confusion and clutter associated with unnecessary displays; users will not be aware of any part(s) of the program they won't be using.
HealthOffice® Anywhere provides secure Electronic Health Records to reduce liability of individual users and the district:
- Each user has her/his unique password known only to the user and the ability to change the password at any time so no one else can document under a user's name
- Only authorized users with authorized passwords can log into the system
- Whenever a previously documented record or event is edited, the program automatically creates an audit log, attached to the record that was edited, displaying the date, time, user editing the record, the specific field or fields edited, what they contained prior to editing, and what they contain after editing. This ensures that no one can alter another user's documentation and the integrity of the entire record is maintained.
- An access log, encompassing all students and all users, as well as a student-specific copy of the access log attached to each individual student's record, provides the information required by FERPA of recording all individuals accessing, creating, viewing or modifying any student record.
- Extensive security is provided by group permissions based on “roles” and further limited by individual permissions as to the screens, the students and the reports an individual user can access
- The administrator can suspend all access to the program to any user at any time
We host HealthOffice® Anywhere in order to:
- Help our customers dramatically reduce costs by eliminating hardware, software, and maintenance costs associated with their own IT departments and data centers
- Reduce our customers operational risks by exceptional security systems and utilizing our data center's experienced staff and repeatable processes
- Give our customers access to their data 24/7
- Provide the safety of automatic backups and disaster-recovery
- Provide automatic installation of software enhancements and updates
In short, we excel at managing your HealthOffice® Anywhere applications and data center infrastructure, servers and services so you can focus on providing health services to your students.
Healthmaster Web Services Security
Healthmaster utilizes an off-site, highly secure, Managed Data Center to house its HealthOffice® Anywhere customer databases and processing that includes several layers of security to help protect customer information and yet assure customer access to their information 24/7:
- Layer 1: Premises Security and Procedures – The Managed Data Center housing HealthOffice® Anywhere is a SAS 70, SSAE 16 (SOC 1) & SOC 2, PCI and HIPAA compliant, certified location reflecting the highest standards in the industry. Our Managed Data Center has been independently audited to be HIPAA compliant by a Certified HIPAA Practitioner (CHP) and Certified HIPAA Security Specialist (CHSS) and continues to be independently audited against the OCR HIPAA Audit Protocol annually. This means that it has demonstrated strong controls and safeguards when hosting or processing data belonging to customers.
- Layer 2: Database and Application Server Security – All HealthOffice® Anywhere servers are domain controlled and utilize security strategies to best protect the servers and the customer data housed on those servers i.e. 20+ character passwords, audited enabled SQL servers, login audit enabled servers, access prevention for foreign documents, and programs and other additional security controls.
- Layer 3: Software Security – HealthOffice® Anywhere provides a user interface layer of security that protects the customer data. The software utilizes multi-layer security within the application in order to restrict users from access to information within the customer data set. The application also maintains an Access Log of all users who login and view or change information in the system.
- Layer 4: Healthmaster Restricted Access – Healthmaster restricts access to the Managed Data Center to only those Healthmaster technical and customer support staff necessary to fulfill its obligations to its customers. All Healthmaster employees sign confidentiality agreements upon joining Healthmaster, acknowledging that any information they may acquire relating to customer's students may involve a number of federal laws that impose confidentiality of such information and all employees agree to keep all customer student information that they have knowledge of or access to strictly confidential and not disclose, reproduce, or deliver, directly or indirectly, any of such confidential information at any time either during or subsequent to their employment at Healthmaster.
- Layer 5: Managed backup & Disaster Recovery – With fully managed backup, Healthmaster's off-site Managed Data Center takes over the responsibility for backing up and archiving your data. Managed backup works by using a software client installed on each server. Each night data is encrypted and compressed on the volume(s) to be backed up, and sent to the backup server. Your data never leaves the server until it's encrypted, and no tapes are involved, eliminating the risk of tape loss, and restoration complications.
- Layer 6: High Availability – Healthmaster's Managed Data Center offers the infrastructure and procedures to ensure a high level of availability by ensuring power and network connectivity are provided with a very low chance of interruption. This is accomplished by setting up an environment that includes no single points of failure. If one aspect of the architecture were to fail, there is an additional connection in place to be used, and therefore no disruption to the accessibility of the server; multiple things must go wrong in order for a server to lose availability greatly decreasing the chances of downtime. On the power side, there are two separate, independent power runs from the server to the utility power source and backup generators are in place to deliver power to two separate power supplies on the server. On the network side, two core routers are fed from multiple Internet Service Providers and cross-messed between both routers and network access switches. Network connections have multiple entry points to the data center and that each ISP is on a separate fiber to further mitigate the risk of downtime and ensuring reliable access to both power and Internet connectivity.
As you can see, Healthmaster, together with its Managed Data Center, provides the security and reliability you need to protect your data and access it 24/7.
Contact us for more information about our security and hosting.