ProVision Security Statement

ProVision uses many security features in order to help ensure that your data is accessed only by the users you designate. Computer security is obviously a field that is constantly changing due to a variety of factors. First, your security needs must be constantly re-evaluated as your operation changes. Second, newer and more sophisticated tools for infiltrating computer databases are constantly being developed. Also, governmental (e.g., HIPAA) and other regulations often mandate changes to security policies. Following is a brief summary of some of the measures that C&S uses.

Server and Network-level Security

Perhaps the most basic type of security is physical security of the server and backup tapes. C&S recommends storing at least one full backup off-site. Other backup tapes should be kept in a locked, fire-proof safe.

C&S recommends that each user of the system be assigned his or her own server login, and that this login have a password, which can be changed regularly. Access times can be assigned to users, e.g., a user can be allowed to log on only from 7am to 5pm each day.

In addition to securing the server itself, we further ensure that the server is accessed only from authorized locations, and that the data is protected while it is in transit. Router configurations, access lists, and other similar tools are used to ensure that only users in authorized locations are able to gain access to the server.

It may also be necessary to encrypt data while it is in transit between the user session and the server. In such cases, C&S uses either Secure Sockets Layer (SSL) encryption, a standard Internet encryption, or Virtual Private Networking (VPN). Of these two, C&S prefers SSL because the ProVision client has SSL capabilities built in, and because SSL is more versatile. VPN, on the other hand, typically requires additional third-party software and is more difficult and costly to administer.

Application-level Security

The ProVision application itself has a detailed security password scheme, in addition to the system-level passwords. Managers can allow each user access only to the parts of the application needed by that user. In addition, all financial, demographic, and scheduling transactions are logged, with a date and time stamp, for later review by the managers.

Electronic Data Interchange (EDI) and Regulatory Compliance

ProVision complies with all government regulations for data transmission and storage. As new regulations are released, C&S applies software updates to all supported clients. Electronic claims are submitted in formats approved by the carriers, either directly to the carrier or to a clearinghouse with which the carrier participates.