Data Security and Infrastructure

Best practices to protect sensitive medical information

With data stored on various servers and devices across different departments, safety and confidentiality are ensured using security protocols and access control managed by either Tranquilmoney personnel or the client.

Moreover, our robust infrastructure ensures data transmission and data capture security to rule out any possibility of infringement of your privacy.

Our objectives are to:

  • Safeguard the uninterrupted use of data systems and data networks that are important to the users,
  • Prevent the unauthorised use of data and data systems,
  • Prevent unintentional or deliberate destruction or distortion of data.

Benefits to our Customers

  • Physicians can assure patients that their Electronic Health Records are fully confidential and secure.
  • Your billing and patient data is fully safeguarded. Only authorized personnel can access it.
  • Our infrastructure authorization and data transmission procedures provide full data confidentiality.
  • You can access your data at any time using your password.

Data Security

Authorization of ePHI Data

ePHI (electronic protected health information) data is stored in various departments such as IT, IS and Medical Billing. The steps we take to protect this data are listed below:

Medical Billing
  • ePHI is stored on servers.
  • The services that are open on the servers are HTTP, HTTPS, terminal services, remote desktop, and SQL Server.
  • HTTP / HTTPS - The PracticeTracker™ App administrator ensures authorization and supervision by creating a login for the team in the PracticeTracker™ database. Each user is given permissions based on his or her role.
  • Server access is restricted to specific users based on a project-specific login and password.
  • For client software (Medic, AR2000 and OPUS), access is restricted through the user name and password provided by the client.
Information Technology
  • ePHI is stored on servers and the PHI is stored on tapes and CDs.
  • The services that are open on the servers are terminal services and SQL Server. Claims research team members, the IT team and the IS team have access to this server.
  • Only a team leader/project manager can authorize access for the people involved in their respective projects.
Information Systems
  • ePHI is stored on servers, CDs, DVDs and also at vendor locations. IS personnel are authorized to access the data.
  • ImageCade provides role-based access to users. Once authorized by managers and supervisors, the workforce can use the software through personal login IDs.
  • ePHI is stored in tech support systems and access to the data is password-protected.
  • ePHI is also stored in Telefiche software and access is restricted to tech support executives, process conformance supervisors and managers.
Infrastructure Authorization protocols
  • User name, domain access, internet access, email ID, PC and other equipment are provided based on the helpdesk request raised by the Head of Department / Team Lead (HOD/TL).
  • Access to servers holding ePHI data is based on the role and the helpdesk request raised by the HOD.
  • Infrastructure for calling, such as PC, headset, dialer and printer access, is based on the helpdesk request raised by the HOD.
Access to Records is given by:
  • Helpdesk request mail from HR & HOD.
Tranquilmoney Offices

Infrastructure

Tranquilmoney has its offices in New Jersey, California and Chennai (Madras), India. Spread over 10,000 square feet in the city center, the back office in India seats over 200 people working 24 x 7. The infrastructure includes high speed internet access with redundancies built in using multiple ISPs, 100% power back-up, and a call center with over 100 seats using high speed MPLS lines and VoIP.

Tranquilmoney's servers are hosted and managed by Rackspace out of its facilities in Texas City. In addition, there are back-ups available on servers in the back office in India. If for any reason the servers at Rackspace are down, the servers in India take over and the customer faces no downtime.

Data Transmission Security

We have set up a dedicated, secure FTP site for each of our clients, on our server in New Jersey. For each project, clients can upload images and data feeds, as required, to the secure FTP site. The images and data are downloaded at our back-office processing facility in India. The data feeds are consolidated at the back office. The reports and output data feeds are returned or sent back to our New Jersey office, for delivery to the client.

The following data security procedures are followed during data transmission and capture:

  • The client is given access to a Virtual Private Network on our Windows NT server. This uses the Point-to-Point Tunneling Protocol (PPTP) to encrypt all data transferred via the internet.
  • The Unix-based firewall is configured to allow incoming packets to our NT server, but restricts certain types of outgoing packets to ensure that data cannot travel out of the LAN to any unauthorized IP address.
  • Images are password-encrypted on the site before transfer.
  • Username-password combinations control log-in access to the server.
  • Legal contracts establish the client ownership of data and prohibit re-selling any data or information.
  • Automatic compliance with HIPAA.

Network Redundancy with Encrypted Virtual Private Networks

Rather than leasing a single private line between our Indian location and our New Jersey location or client locations, our network is completely internet-architected for maximum redundancy. We use multiple technologies including microwave, fiber optic and ISDN lines to ensure reliable last mile connectivity to the global internet backbone. The internet backbone itself has multiple redundant routes and is very robust.

While we use the internet, we use sophisticated firewalling mechanisms, username-password combinations, image encryption, and Virtual Private Networks (VPN) to ensure the privacy of our clients' data. Medicare has announced that internet transmission of data is acceptable as long as suitable measures are taken, and hence there is widespread acceptance of this methodology.
