HERAE - Security

HOME

COMPANY

TECHNOLOGY

OFFERINGS


TECHNOLOGY Security HIPAA

System Security & Privacy

The security and privacy of the healthcare data used by health plans, providers and other healthcare affiliates is of utmost importance to HERAE. We understand how critical it is to protect patient privacy; therefore, we ensure security through the use of a multifaceted security system with rigorous password and authorization procedures, as well as employing physical security on-premises.

From a physical perspective, the data center includes continuous video surveillance, security breach alarms, and 24/7 on-premises security officers.

Encryption and Firewalls

All of HERAE's Web-based offerings utilize highly secure firewalls to protect our servers and the healthcare claim payment data. Sensitive information is secured with 128-bit secure sockets layer (SSL) technology that encrypts the data that is transmitted between a browser and HERAE's servers.

A first layer firewall protects the web servers from un-registered users. The web servers use the standard SSL to protect the user ID and user password from unauthorized access and to help ensure that the users accessing the system are duly recognized.

The second layer firewall sits between the web servers and the data servers to protect against any security breach of sensitive data or transactions. Both the web and data servers use private IP addresses to prevent any public routing. The firewall recognizes the predefined private IP addresses for the data servers and predefined private port IDs for data transmission and transaction processes between the web and data servers.

IDs and Passwords

In all HERAE products the IDs and passwords assigned by our registration processes require each user to provide information that is defined by our clients. Examples of identification criteria include provider or payer ID, full name, zip code, etc. Our systems validate user provided data against the HERAE database before each new web login session.

Each end-user (providers and their staff members) must use the preset initial security login process to receive a web access login. The transactions are validated via the HERAE security database (SSL and encrypted).

The secured login is managed based upon an access security profile designed with our customers that may vary by individual or job category. Accessibility can be set by job responsibility, data sensitivity, etc. Thus a practice administrator will have a different profile than that of a staff worker and each profile is configurable by the overall security administrator.

Summary

HERAE's network includes a tightly constrained firewall that prevents all but two types of requests from reaching the web application servers and prevents all outside traffic from reaching the database servers. Furthermore, each user account is password protected, HERAE automatically logs out the user after a pre-determined period of inactivity, and HERAE automatically disables logins after a fixed number of consecutive failed attempts. The HERAE security system is an enterprise level solution in addition to the standard web SSL. Our security system provides reporting and a logging facility to support security auditing and potential security breach analysis. Everything any HERAE login does within the system is tracked and reported through security audit information available throughout the HERAE product.