Systems and Operational Security

"Peoplechart is perfect for kids that see lots of doctors. Once, when I had one of the girls in the emergency room, I made a call to the call center and had the summary report and most recent records faxed right to the hospital."

M. W. (Knoxville, TN)

HIPAA Compliance

Peoplechart is HIPAA compliant and meets all the guidelines as defined by AMIA (American Medical Informatics Association) and AHIC (American Health Information Community). As a service provider to healthcare provider organizations, Peoplechart takes the role of a Business Associate as governed by HIPAA stipulations on patient privacy, confidentiality, and security.

Summary of Peoplechart Information Security Processes and Controls

Peoplechart’s security system provides a variety of rigorous information security features, including state-of-the-art firewall protection, a stringent login credential and verification process, advanced encryption for all internet-based data communications, encryption within Peoplechart's systems for "data at rest", and additional firewall protection between the user interface and the system's databases.

In addition, members can further protect their personal information by controlling exactly who is authorized to have access and by using the Peoplechart access event log to monitor the details of each access event. Peoplechart's system also gives members the ability to limit the scope of personal information and the system features that they choose to make available to each authorized user (through an intricate table of roles and privileges). The system features also include the ability for the member to set or limit the time period (start time and duration) during which authorized information access is allowed. Finally, Peoplechart’s patented "Dual Channel Lock" system provides an additional level of protection in the event of any unauthorized access to Peoplechart’s systems.

Our "live" or production servers and database are guaranteed 99.9% uptime and protected by a professional and secure data storage facility that is located in a disaster-free zone state. The facility includes video surveillance cameras, motion and temperature detectors, and continuous monitoring for online intrusions.

Peoplechart’s Patented System for Protecting Medical Records

For systems that are used to store and provide access to medical records data, information security is always a major concern, especially when that information is accessed or distributed via the Internet. In addition to using state-of-the-art firewall and password protection technology similar to that used by financial services companies for online banking transactions, Peoplechart also employs a patented security system to add an extra rigorous layer of security for protecting member information.

Peoplechart’s patented "Dual Channel Lock System" is specially designed to help minimize the risks associated with systems that enable internet access for their authorized users. With Peoplechart's system, a member's medical data is available to online servers only when that information is needed by the member or the member's authorized care team. At all other times, the member's medical information is safely stored on a database server that is not internet accessible. Peoplechart received issuance of a patent for its invention, "Method and System for Protecting Information on a Computer System" (Patent no. 7370349).

List of Key Systems Security Features

System security and privacy controls are embedded in the architecture and design of the entire Peoplechart system to protect against the loss or misuse of, or unauthorized access to, personal health information. Here is a summary of key security features in all of our applications:

  • State-of-the-art firewall and rigorous login credential process
  • SSL/HTTPS encryption technology for protecting all data transmittals between client browsers and Peoplechart servers
  • Encryption of database and of backup disk storage for protection of "data-at-rest"
  • Additional firewall protection between database and user interface tiers
  • Production system operating in secure offsite facility, located in natural disaster-free zone state with guaranteed 99.9% uptime and continuous data backup
  • Patented (Dual Channel Lock) security system
  • Ability to assign specific user roles and privileges to each authorized user
  • Extensive audit trail and automatic notifications
  • Ability for member to have explicit control over scope and timing of access to member’s personal information for each authorized user. The member can:

    • Mark certain types of information to be kept 'private' from users
    • Remove user from care community
    • Set length of access by date and time (duration) for each user
    • Invite or add user to account with preset role-based privileges
    • Change access by turning on/off specific privileges for each user
    • Select emergency access options for unauthorized callers

What Happens if a Security Breach Occurs

Peoplechart's Dual Channel Lock system is especially designed to help mitigate the risks of information loss as a result of unauthorized systems access. With the Peoplechart system, a member’s medical data is available to online servers only when that information is needed by the member or by an authorized user of the member's account. As a result, the information that is exposed to a security breach is limited to the information of members whose access sessions are valid and active at the time a breach occurs.

However, regardless of the strength of a system's information security safeguards and controls, planning for events of unauthorized access is still prudent. What happens in the event of a security breach depends on the specifics of the breach. When unauthorized access or an information breach happens, the Peoplechart staff responds by evaluating the source, scope, and nature of the breach as depicted in the Audit Trail feature of each member's account.

First, the Peoplechart staff reviews the scope of the breach by counting the number of member accounts that are susceptible to the breach. Second, the IP addresses of all recent logins for each of the breached accounts are logged and investigated in order to trace the source. Finally, staff reviews the scope of personal information being breached (viewed, edited, printed, or shared with others without member authorization). All of these completed steps and results are to be documented in a Security Breach document as part of the investigation. Any accounts in the Active Session server not impacted by the breach are deleted from the Active Server so that no other personal information can remain exposed while the breach is being investigated.

Once the breach is determined to be valid, Peoplechart will notify the members-at-risk with the investigation's findings on source, scope, and nature of the breach. With member permission and help, Peoplechart will take appropriate action steps to limit the damage from the breach, to address the issues at hand, and to set up preventive measures for mitigating the recurrence of such risks in the future.
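The triage steps described above, sketched as an added example that is not Peoplechart's own code: it counts affected accounts, gathers recent login IPs for each, summarizes the scope of unauthorized actions, and lists the unaffected accounts to remove from the active-session server. The record fields, the `authorized` flag (assumed to be set by an investigator), the account IDs, and all sample data are constructed assumptions.

```python
from collections import defaultdict

# Actions named in the breach-scope review step.
SCOPE_ACTIONS = {"viewed", "edited", "printed", "shared"}

# Constructed audit-trail records; the schema is an assumption for illustration.
AUDIT_TRAIL = [
    {"account": "A100", "event": "login",   "ip": "203.0.113.7",   "authorized": True},
    {"account": "A100", "event": "viewed",  "ip": "203.0.113.7",   "authorized": True},
    {"account": "A200", "event": "login",   "ip": "203.0.113.50",  "authorized": True},
    {"account": "A200", "event": "login",   "ip": "198.51.100.23", "authorized": False},
    {"account": "A200", "event": "viewed",  "ip": "198.51.100.23", "authorized": False},
    {"account": "A200", "event": "printed", "ip": "198.51.100.23", "authorized": False},
    {"account": "A300", "event": "login",   "ip": "192.0.2.10",    "authorized": True},
    {"account": "A300", "event": "edited",  "ip": "192.0.2.10",    "authorized": True},
    {"account": "A400", "event": "login",   "ip": "198.51.100.23", "authorized": False},
    {"account": "A400", "event": "shared",  "ip": "198.51.100.23", "authorized": False},
]

# Constructed set of accounts currently loaded on the active-session server.
ACTIVE_SESSIONS = {"A100", "A200", "A300", "A400"}


def triage(audit_trail, active_sessions):
    """Build the core facts for a breach report from audit-trail records."""
    scope = defaultdict(set)       # account -> unauthorized actions seen
    login_ips = defaultdict(set)   # account -> source IPs of recent logins
    for ev in audit_trail:
        if ev["event"] == "login":
            login_ips[ev["account"]].add(ev["ip"])
        elif ev["event"] in SCOPE_ACTIONS and not ev["authorized"]:
            scope[ev["account"]].add(ev["event"])
    breached = set(scope)
    return {
        # Step 1: number of member accounts affected.
        "accounts_affected": len(breached),
        # Step 2: all recent login IPs for each breached account.
        "login_ips": {a: sorted(login_ips[a]) for a in sorted(breached)},
        # Step 3: what was done to the data without authorization.
        "scope": {a: sorted(scope[a]) for a in sorted(breached)},
        # Containment: unaffected accounts to remove from the active server.
        "evict_from_active_server": sorted(active_sessions - breached),
    }


if __name__ == "__main__":
    for key, value in triage(AUDIT_TRAIL, ACTIVE_SESSIONS).items():
        print(f"{key}: {value}")
```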
