HIPAA-level Security, Reliability, Performance


At eChain Technology, we provide best-in-class application and data security, reliability and performance by implementing our 3-tier approach to ensure our systems and client data are as secure as possible. Our security protocols are in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for protecting the privacy of individually identifiable health information, called protected health information (PHI).

Our primary security protocols focus on the Physical and Technical Safeguards that provide system and data security, reliability and high performance.  We provide Administrative Safeguards internally and as a service to our clients to ensure total HIPAA compliance.  Our focus is to find the perfect balance between performance and security.

Find out more about HIPAA compliance here:  http://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/

System Performance and High-Availability

HIPAA Data Center Compliance

eChain Technology uses high powered, ultra-reliable servers with Solid-State Drives (SSD) for extreme performance.  Our servers are expertly tuned by our team of engineers and monitored 24/7/365.  We offer 3 primary data centers located around the globe so that your data is physically closer to you and your visitors.

Our servers feature up to 20X faster page loads than other web sites using caching options (Memcached, Turbo Cache, OpCache/APC) that increase the performance of our databases, HTML content, and PHP response time.

99.9% Uptime Guarantee

Our 24/7/365 support staff with expert system admins keep your server running at its peak. We use industry best practices and the best data centers, and ensure your server has the latest security patches. That’s why we guarantee that your site will be up over 99.9% of the time. Of course, this guarantee does not cover outages or circumstances beyond our control like internet outages, DDoS or attacks on our servers, your ISP network, or browser issues. Also, we will periodically perform routine maintenance on the servers. These outages will be communicated to you in advance.

Redundant Network

  • Dual Fiber Entrance
  • Multihomed network connectivity via: Level (3), Savvis, Global Crossing and Cogent Communications

Database and File backups

  • Our system uses Server Rewind to restore files and databases on our sites
  • Server Rewind is an extremely simple and efficient way to quickly restore systems to known good configurations
  • All our servers have redundant hard drives for real-time RAID 1 mirrored backups
  • We also have off-server backups. These server backups are stored for the last 30 days

Redundant Power Supply

  • 300kVA UPS uninterrupted power
  • 480V 3-Phase building power
  • 1200 AMP -48 DC Power Plant
  • 750kVA Cummins Diesel Generator
  • Single active path for power source from DTE Energy
  • 20A 120VAC UPS circuit

Closely Regulated Environment

  • 15 air conditioning units
  • Data center properly set at 68 degrees Fahrenheit
  • Climate controlled with humidity levels between 30-40%
  • Static free flooring

Physical Safeguards

HIPAA requires and defines physical safeguards regarding Facility Access and Control, and Workstation and Device Security.  The eChain data center is SSAE16 certified. Physical data center security measures include:

  • Gated parking lot with security key entry
  • Security key needed to enter data center
  • Security key needed to access fully enclosed locked server rack
  • Video surveillance

Technical Safeguards

HIPAA defines technical safeguards as relating to Access Control, Audit Controls, Integrity Controls, and Transmission Security.

Access Control

  • Only authorized persons (eChain Partners) have access to electronic protected health information (e-PHI)
  • eChain maintains at least 2 environments for each production client: Dev and Production
  • Each environment is physically separated on the eChain servers, with different access credentials
  • Each database is different, with different login credentials
  • Developers and Staff only have access to the Development environment
  • Only partners have access to production environment applications, databases and data
  • e-PHI is maintained only in the production environment

Audit and Integrity Controls

  • The eChain systems have built-in transaction archiving capability
  • Data is never improperly altered or destroyed
  • All transactions are recorded – reversals or adjustments create offsetting transactions
  • eChain Technology has documented processes and procedures governing Technical Safeguards

Transmission Security

  • eChain production environments use SSL (Secure Sockets Layer) certificates
  • The SSL certificate uses a 2048-bit RSA private/public key pair
  • Production web sites and application sites will begin with HTTPS://
  • All information between the eChain server and user browser is encrypted
  • SSL enables you to send data securely (encrypted) between your web site and your visitors
  • SSL certificates can prove your identity to visitors
  • eChain uses a dedicated IP address for additional security and authentication

Administrative Safeguards

HIPAA defines Administrative Safeguards as having a Security Management Process, designated Security Personnel, Information Access Management, Workforce Training and Management, and a periodic Evaluation. We adhere to these guidelines to provide a safe, secure and high-performance solution to our clients.