The recent “WannaCry” cyber attack has people concerned about the security of their online information. With hospital trusts in the U.K. and medical facilities in the U.S. and Canada affected by the attack, people in the medical community are reassessing their web security. At 2Ascribe, the privacy of your information is our top priority. All our systems and processes are compliant with Canadian Federal (PIPEDA) and US Federal (HIPAA) requirements. Here are some common security concerns and what we are doing to ensure the highest level of security.
WEB SERVER
Our WEBscribe web portal offers convenient document management, while also offering high-level security. Typically when a person views a website, their browser and the server where the website is being hosted, are interacting using the HTTP or Hypertext Transfer Protocol standard. Due to the sensitive and private information that is being transmitted with medical transcription, we use a more secure protocol: HTTPS or Hypertext Transfer Protocol Secure protocol. HTTPS ensures that all communications between your browser and website are encrypted, that data cannot be changed, and private information, like patient identifiable information, remain safe. Furthermore, between the web server and the Internet, we employ a firewall; monitoring all network traffic. On top of the firewall, we also use a NAT or Network Address Translation to keep your IP address hidden and secure. As your IP address moves across the router, your private IP address is converted into a single uniform IP, therefore masking your address and keeping you hidden.
As more information surfaces from the WannaCry cyber attacks, one preventative measure that was not taken by many of those targeted was keeping software up-to-date. At 2Ascribe, we ensure that we are constantly staying up-to-date. Our web server applications run on Microsoft-supported operating systems with all of the latest security patches applied as they are released.
Due to the data-driven nature of medical transcription, an SQL injection attack is a concern. SQL or Structured Query Language is programming language designed for managing data, allowing the web server to communicate with our database to retrieve information (like login credentials, for example). An SQL injection is a way for hackers to illegally communicate with an application’s database, harvesting sensitive information and assuming control of the application for their personal benefit. The way to prevent these attacks is to use only parameterized SQL queries. A parameterized statement is an SQL statement with placeholders, such as “?”, that are substituted with real values during execution, ensuring that user imputed variables are never treated as illegal commands. Parameterized SQL ensures that user inputted data is never taken as an instruction or command, therefore ensuring that malicious users cannot access any data.
PASSWORDS
Passwords can be the weakest link in server security. We take great care when it comes to password protection. First, we suggest for best practises that you choose a strong password. You can find out how to create a strong password at Microsoft’s strong encryption password requirements, or ask 2Ascribe to create one for you. Secondly, we suggest that your passwords expire and should be changed regularly. Furthermore, accounts are disabled and IP addresses logged after a number of incorrect attempts. If usernames or passwords are typed incorrectly, we avoid any detailed specificity in our error messages, such as stating an ID was incorrect. This ensures that usernames are kept private. All of our users and passwords are stored with one-way hashing. One-way hashing ensures that your plain-text (unencrypted) password is never stored; instead, a fixed length data string is created, thereby masking your password. This ensures that your password can never be viewed in plain text by anyone, even if the password file is compromised.
PHYSICAL SERVER & NETWORK
Our physical and network operating environment and standard operating procedures meet or exceed minimum requirements for several information security standards including PIPEDA and RCMP in Canada, and HIPAA, HITECH, USDoD, FBI and DEA in the U.S. Our server farm is housed in a world-class data facility, physically separated from other customers by biometrically controlled locked entrances. Only certified technicians who are full-time employees that have passed our background checks are able to access this data. Our servers use full-drive encryption, which means that your data is converted into unreadable code that cannot be deciphered by unauthorized people. All your data is also backed up on a full-drive encrypted server, ensuring access and safety during an outage.
OUR EMPLOYEES
2Ascribe ensures that all our workforce members are trained and understand our security policies and procedures. In addition, all workforce members are trained how to identify, report, and prevent potential security incidents. All those with access to patient identifiable information utilize anti-virus software on all computers that connect to the Internet and/or are networked together. ALWAYS VIGILANT At 2Ascribe, we know that you trust us to do quality transcription for you. A large part of that is to ensure that the sensitive data that you share with us is kept safe. Rest assured, we follow strict guidelines to ensure all data is kept safe. We also know that security threats are becoming more complex; because of this we regularly review security procedures, remind contractors of policies on a regular basis, and regularly audit our policies and procedures to ensure your data is safe.
2Ascribe Inc. is a medical transcription services agency located in Toronto, Ontario Canada, providing medical transcription services to physicians, clinics and other healthcare providers across Canada and the US. Having recently introduced WEBscribe, a client interface portal for document management, 2Ascribe continues to implement and develop technology to assist and improve the transcription process for physicians and other healthcare providers. As a service to our clients and the healthcare industry, 2Ascribe offers articles of interest to physicians and other healthcare professionals, medical transcriptionists and office staff, as well as of general interest. Additional articles may be found at https://www.2ascribe.com.
