MedeFile International Inc. handles highly confidential medical records and documents for the public and the healthcare industry. The nature of their business requires extreme measures to keep medical records and personal information out of the wrong hands. As a countermeasure to fight security breaches, MedeFile has implemented an online security system to ensure the safety and integrity of client data.
MedeFile’s security architecture ensures that its services are provided with the highest degree of privacy and integrity using well established, proven security methodologies. The architecture provides multiple lines of defense with each line employing a distinct mechanism. MedeFile’s security architecture addresses the following key areas: site security, access control, authentication and network communications security.
Site security is implemented to ensure that physical access to the site is controlled by biometric devices and other measures. The MedeFile site physical security system consists of a comprehensive set of proprietary physical and logical controls and a multi- layered internal network. The site has also implemented strict facility and development protocols that ensure the safety of physical access and site-wide restrictions on resource availability and authentication control for all MedeFile users, staff and support personnel.
Access control is used by MedeFile to restrict access to data, based on levels of authorization. The access control begins with web servers that process Internet HTTP transactions from clients that communicate over the Internet via authenticated and encrypted SSL sessions. Each valid MedeFile user has a user ID on the system which provides privacy to sensitive data by encrypting the data. The Security System database fields that contain especially sensitive information are stored in encrypted form and decrypted only when made available to authorized and authenticated requesters. All data accesses are logged in permanent, archived records and all access requests without proper credentials or application authentication tokens are reported to the real-time security alert system.
Another key security area is authentication, which is used to verify that the user is actually who they claim to be. MedeFile members authenticate to the system using a user name and password. Members may change their password at any time during their membership. MedeFile web servers authenticate themselves to the browsers in a SSL session using Secure Server, Class 3 Digital IDs issued by Verisign Inc.
Finally, network communications security is an important security area for the company. Network communications security uses secure cryptosystems to physically or logically prevent unauthorized disclosure of protected data. This is a technologically complicated method to ensure authenticity, but uses an SSL protocol that was originally developed by the Netscape Communications Corporation. This SSL protocol provides security and privacy over the Internet and supports both client and server authentication. A combination of all of these measures ensures that all user information remains safe and confidential.
Let us hear your thoughts: Medefile International, Inc. Message Board