Backups and Security

Backups and Security

ChartCapture & Backups

Your patient data is safe with ChartCapture! This is a formal description of our backup procedures. ChartCapture data comes in two flavors: The actual scanned files and the database that organizes them.

Here’s how we keep them safe!

Scanned Files

The scanned patient files are stored in a highly durable storage infrastructure designed for mission-critical and primary data storage.  The ChartCapture service redundantly stores data in multiple facilities and on multiple devices within each facility.  ChartCapture performs systematic data integrity checks and is built to be automatically self-healing.  All storage locations are 256-EAS encrypted.

Database

ChartCapture also maintains your patient lists, users, chart scan and view history in a database.  The database is backed up every 15 minutes to an alternate device and hourly to multiple facilities and on multiple devices within each facility.  The database backups utilize the same redundancy, integrity and security storage procedures as the scanned patient files.


ChartCapture & Security

We often get asked “How do you protect patient data?”

There is a short answer (“Everything is encrypted, everything is backed up, everything is safe!”) and a long answer. This is the long and detailed answer!

ChartCapture delivers a highly scalable solution for capturing and accessing medical records archives and patient history with high availability and dependability, and the flexibility to work in concert with a wide range of electronic medical records applications. The issues of end-to-end security and end-to-end privacy within the hosted computing world are more sophisticated than within a single data center not facing the Internet. Ensuring the confidentiality, integrity, and availability of client’s services and data is of the utmost importance to ChartCapture, as is maintaining trust and confidence. This document is intended to answer client questions such as “How does ChartCapture help me ensure my data is secure?” Specifically, ChartCapture data center vendors’ physical and operational security processes are described for network and infrastructure under ChartCapture’s management.

This document provides an overview of security as it pertains to the following areas relevant to ChartCapture data center vendors:

  • Certifications and Accreditations Physical Security
  • Backups
  • Platform Security
  • Reliability & Multiple Locations
  • Additional Information

Certifications and Accreditations

ChartCapture data center vendors work with a public accounting firm to ensure continued Sarbanes Oxley (SOX) compliance and attain certifications such as recurring Statement on Auditing Standards No. 70: Service Organizations, Type II (SAS70 Type II) certification. These certifications provide outside affirmation that data centers used by ChartCapture have established adequate internal controls and that those controls are operating efficiently. Data centers used by ChartCapture will continue efforts to obtain the strictest of industry certifications in order to verify the commitment to provide a secure, world-class hosted platform.

Physical Security

Data centers used by ChartCapture are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

Data center access and information is only provided to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee. All physical and electronic access to data centers by employees is logged and audited routinely.

Backups

Data stored is redundantly stored in multiple physical locations as a normal part of providing services and at no additional charge.

Platform Security

Security within the ChartCapture platform is provided on multiple levels: The operating system (OS) of the host system, the virtual instance operating system, a stateful firewall and signed API calls. Each of these items builds on the capabilities of the others. The goal is to ensure that data contained within ChartCapture platform cannot be accessed by non-authorized systems or users and that the ChartCapture platform itself is as secure as possible. ChartCapture administrators with a business need are required to use their individual Multi Factor Authentication (MFA) keys to gain access to the platform. MFA uses a dedicated authentication device in the administrator’s physical possession that continually generates random, six-digit, single-use authentication codes for access. All such accesses are logged and routinely audited. When a ChartCapture employee no longer has a business need to administer the platform, their privileges and access are revoked.

Reliability & Multiple Locations

ChartCapture hosted solutions offer a highly reliable platform running in proven a network infrastructure and datacenters with a Service Level Agreement commitment of 99.95% availability for each location. The ChartCapture platform runs concurrently in multiple locations within the U.S. Each location is engineered to be insulated from failures in other locations and are organized into geographically dispersed availability zones in Northern Virginia and Northern California.

Additional Information

The data center vendor for the ChartCapture platform is AWS (Amazon Web Services). Additional information is available at http://aws.amazon.com/security

ChartCapture Terms of Service and Master Subscription Agreement can be found at

http://www.ChartCapture.com/TermsOfService.html

    • Related Articles

    • How to Securely Share Files with File Share

      This article is about uploading documents so they can be shared securely using your ChartCapture portal. If you'd like to import a file into a specific patient's chart, check out our tutorial on importing document into patient charts If you want to ...
    • How to download files from the Aesto Health secure FTP server

      Before you begin, you'll need a few pieces of information. You'll need the domain: sftp.aestohealth.com username: [provided to you by our team] encryption key: [a file provided to you by our team] encryption key passphrase (password): [provided to ...
    • How to save a chart as a PDF file

      How to Save a Chart as a PDF File Need to export a whole chart or part of a chart? No sweat! Here’s how. First, bring up the chart you want to save. Important: This may not work as described if you are accessing the chart via a shortcut link in your ...
    • Exported Chart Organization

      Closing your ChartCapture account? You get your data. It’s yours after all! If you choose to close your account, our team can provide you with a complete copy of your files in PDF format. Here’s how it will be organized: Each letter of the alphabet ...
    • How to Upload Documents into ChartCapture Charts

      This article is about importing documents into patient charts in ChartCapture. If you'd like to upload a file to share with our team, check out our tutorial on our secure File Share Do you have a file you need to get into a patient’s chart? Did you ...