Os-One Medical Management uses the latest in technology to secure your files in accordance with HIPAA requirements. Here is a brief breakdown of our security services:

• All access is controlled by user ID and Password on a per patient basis. Passwords are changed every 60 days.
• All data transmitted over the internet is encrypted using 128-bit encryption.
• Records are purged from our systems every 30 days. The records are not recoverable using disk recovery programs.
• We use our own dedicated server using proprietary software that does not allow "back door" access of any kind. The servers are kept in a secure, remote and secret location with access controlled by one person only. The systems are backed up by 8 hours of battery back up and the battery backup is supplemented with a generator.
• We automatically check the integrity of the data files every hour of every day.
• The servers are monitored from a separate monitoring system that ensures their reliability.
• Users are automatically logged out of the system when they quit their browser, are inactive for more than 10 minutes, or log out.
• We maintain audit trails of all access attempts by IP address, time and date, whether successfull or not. The log file itself is encrypted and cannot be accessed from the Internet.
• We log the last person who edited a document with the date, time, and ID of the editor.
• "Firewall" protection is in place. The server does not have ports such as ftp, telnet, or even the usual secure protocols available for hacking attempts.
• All Protected Health Information is maintained in the domestic United States and is never sent offshore for any reason.
• Employees and contractors are required to provide valid Social Security numbers and proof of residence within the domestic United States. They are also required to sign HIPAA-compliant Business Associate Agreements prior to accessing any PHI; these agreements are kept in OS-One’s files.