Security is a top priority at EDI-Health Group. While all dental professionals are invited to browse through the many public pages on our Web site, secure areas (those where you must log in with your username and password) are protected behind a state-of-the-art security infrastructure designed to safeguard your personal data. When you establish an account with us, your personal and credit card information is stored on our authenticated secure servers. Those servers are hosted at Savvis, the leading provider of complex Internet hosting for enterprises with mission-critical Internet operations. All information you input is encrypted by the 128-bit Secure Sockets Layer (SSL) protocol, the strongest available encryption for the Internet.
When you sign up for ClaimConnect™, EHG's powerful Web-based practice revenue management and payer connectivity solutions, your patient and practice information is also encrypted by the 128-bit SSL protocol and stored on our Thawte-authenticated secure servers hosted at Savvis. As a result, all EHG customers enjoy the protection and peace of mind of a world-class security system.
Industry-Leading Security
EHG has created a best-of-breed security infrastructure assembled from leading-edge
technologies proven to be the most secure for each function. All firewalls and encryption
devices in use are sourced from leading Internet security providers, configured by expert
professionals and rigorously tested before being placed into production.
Because a network is only as secure as its most vulnerable point, EHG implements a broad array of security measures at multiple locations throughout its architecture. Specific examples of our security measures include:
Physical Security
All transaction-based areas of www.dentalxchange.com, including ClaimConnect, are hosted at
Savvis, the leading provider of complex Internet hosting for enterprises with
mission-critical Internet operations. Its Internet Data Centers provide the physical
environment necessary to help keep our servers up and running 24 hours a day, seven days a
week, with sophisticated redundant subsystems, fire suppression systems and security breach
alarms. Entry into the Savvis facility requires an electronic card key and palm scan.
Perimeter Defense
A strong perimeter defense is essential to prevent unauthorized or inappropriate system
access. EHG utilizes industry-standard security in several areas. Our Windows® 2003
Active Directory infrastructure is secured with 128-bit encryption. The networks at both the
corporate office and Savvis are protected by redundant Cisco PIX firewalls. Our communication
between these two networks is encrypted via a point-to-point tunnel. The administrative
passwords to our servers, firewalls and routers are known only to a small number of
individuals and are changed every 90 days. We run intrusion detection software on several
network components and log all accesses.
Data Encryption
The strongest available encryption protects all EHG customer data transmitted over the
Internet. EHG servers have been certified by authentication leader Thawte as Secure Sockets
Layer (SSL) secured, which is the strongest available encryption for the Internet. This is
evidenced by the lock icon in the corner of the user's browser and assures customers that
their data is protected from access in transit. EHG leverages the strongest encryption
currently supported by browsers, using a 1024-bit RSA public key and letting users access
their data with 128-bit encryption from their browsers.
User Authentication
EHG customer data can be accessed only with a valid username and password combination, which
is encrypted via 128-bit SSL certificates from Thawte to prevent theft. Once a session has
been established, an encrypted session ID cookie that does not contain username or password
information is used to identify the user. For added security, the session key is
automatically scrambled and re-established in the background at regular intervals.
Application Security
Similar to multiple ATMs accessing a centralized banking system, our robust
application security model prevents one EHG customer from accessing another customer's data
when accessing our centralized database system. This security model is reapplied and enforced
for the entire duration of a user session.
ClaimConnect™, which users access to verify eligibility, look up benefit plan details and submit claims or encounters, uses a single-level security system. Authorized users are assigned unique usernames and passwords within a group associated with the subscribing dental practice.
Internal Systems Security
Within perimeter firewalls, EHG systems are safeguarded by a variety of security features
such as network address translation, port redirection, IP masquerading, non-routable IP
addressing schemes and other precautionary measures. Details regarding the implementation of
these security features are proprietary.
Operating System Security
EHG enforces tight operating system-level security by using a minimal number of access points
to all production servers and protecting all operating system accounts with strong passwords;
production servers do not share a master password database. All operating systems are
maintained at each vendor's recommended patch levels for security.
Database Security
Wherever possible, all database access is controlled at the operating system and database
connection level for additional security. Access to production databases is limited to a
minimal number of points; as with production servers, production databases do not share a
master password database.
Reliability and Backup
To prevent data loss in the event of a catastrophic event or failure, all customer data is
backed up on tape on a nightly basis, up to the last committed transaction. EHG further
enhances our reliability measures by storing all customer data on disks that are
mirrored across different storage cabinets and controllers.
EHG uses several DLT tape jukeboxes and backup software. Our databases, Web servers and database servers are backed up each night. The database servers are configured with three physical disk arrays: RAID1 (two drives), RAID1 (two drives) and RAID5 (three drives with a hot spare). If any individual hard drive in any array were to fail, the application would not stop functioning, and these drives are hot swappable. If any of these arrays or the entire server were to fail, the application would stop functioning, but we could recover to the very last transaction.
Savvis provides six hours of battery power, 18 days of diesel generator power and Internet connectivity via all four exterior walls of its facility, in case of a trenching accident or earthquake. In addition, EHG stocks extra computer equipment in case of severe failures. Individuals with administrative security are designated for disaster coverage and alternates are available at all times.
Disclaimer
Even though EHG has established a leading-edge security infrastructure, we feel it's
important to remind our customers that no data transmission over the Internet can be
guaranteed secure, and no system is secure against those who share their passwords. EHG will
never ask you for your password, and each staff member who requires access to our sites
should have their own username. If a person leaves your practice, EHG can disable that
person's account access if you let us know. As a result, while we strive to protect customer
information, EHG does not guarantee or warrant the security of any information transmitted to
our systems or the final integrity of the data.