Security Paper

Security is a top priority at EDI-Health Group - DentalXChange. As a Clearinghouse, DentalXChange is designated as a HIPAA Covered Entity and we take our responsibilities for protecting our PHI, PII, and other data seriously. As a clearinghouse for credit card transactions we are also designated as a Level 1 PCI service provider with additional requirements and audits for credit card data security.Our servers and data are protected behind a state-of-the-art security infrastructure designed to safeguard your personal data. Our data is processed and stored at a leading commercial data center designed to support complex Internet hosting for enterprises with mission-critical Internet operations. Once you have logged in to ClaimConnect™, DentalXChange's powerful Web-based practice revenue management and payer connectivity solution, your patient and practice information is encrypted both "in motion" and "at rest." All data communications between your browser and our server is encrypted by Transport Layer Security 1.2 (TLS 1.2) at a minimum and data stored on our servers is encrypted by several strong encryption methods. As a result, all of DentalXChange's clients can enjoy the protection and peace of mind of a world-class security system.

Industry-Leading Security

DentalXChange has created a best-of-breed security infrastructure assembled from leading-edge technologies proven to be the most secure for each function. All firewalls and encryption devices in use are sourced from leading Internet security providers, configured by expert professionals and rigorously tested before being placed into production.

Because a network is only as secure as its most vulnerable point, DentalXChange implements a broad array of security measures at multiple locations throughout its architecture. Specific examples of our security measures include:

Physical Security

All transaction-based areas of www.DentalXChange.com, including ClaimConnect™, are hosted at a leading provider of complex Internet hosting for enterprises with mission-critical Internet operations. The data center provides the physical environment necessary to help keep our servers up and running 24 hours a day, seven days a week, with sophisticated redundant subsystems, fire suppression systems, security cameras, locked access specific to our equipment, and security breach alarms. Entry into the facility requires an electronic card key and biometric scans.

Perimeter Defense

A strong perimeter defense is essential to prevent unauthorized or inappropriate system access. DentalXChange utilizes industry-standard security in several areas. All servers and hardware are supported by their manufactures and patched with all current security patches. Actively updated anti-virus endpoint protection is run corporate-wide on all servers and workstations. The networks at both the corporate office and data center are protected by redundant firewalls. Our communication between these two networks is encrypted via a point-to-point tunnel. Administrative access to our servers, firewalls and routers is available only to a small number of individuals. All passwords are required to be strong passwords and are changed frequently. We run intrusion detection software and data loss prevention methods on network components and log all accesses. We constantly evaluate and add to these defenses as industry standards change.

Data Encryption

The strongest available encryption protects all DentalXChange client data transmitted over the Internet. DentalXChange servers have been certified by authentication leader Thawte as secured by strong encryption. This is evidenced by the lock icon in the corner of the user's browser and assures clients that data is protected from access in transit. DentalXChange leverages the strongest encryption currently supported by browsers.

User Authentication

DentalXChange client data can be accessed only with a valid username and password combination, which is encrypted via secure certificates from Thawte to prevent theft. Once a session has been established, an encrypted session ID cookie that does not contain username or password information is used to identify the user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.

Application Security

Similar to multiple ATM machines accessing a centralized banking system, our robust application security model prevents one DentalXChange client from accessing another client's data when accessing our centralized database system. This security model is reapplied and enforced for the entire duration of a user session.

ClaimConnect™, which users access to verify eligibility, look up benefit plan details and submit claims or encounters, uses a role based security system. Authorized users are assigned unique usernames and passwords within a group associated with the subscribing dental practice and are given specific functionality based on their role. If your practice needs to restrict some users to certain functionality, please contact our client service for help.

Operating System Security

DentalXChange enforces tight operation system-level security by using a minimal number of access points to all production servers and protecting all operation system accounts with strong passwords. All operating systems, commercial applications, and hardware components are conscientiously maintained at each vendor's recommended patch levels for security.

Database Security

Wherever possible, all database access is controlled at the operating system and database connection level for additional security. Access to production databases is limited to a minimal number of points; as with production servers, production databases do not share a master password database.

Reliability and Backup

To prevent data loss in the event of a catastrophic event or failure, all client data is frequently backed up to the last committed transaction. DentalXChange further enhances our reliability measures by storing all client data on mirrored disks that are mirrored across different storage cabinets and controllers. Data is backed up at both a secure offsite repository as well as at a secure geographically redundant secondary data center.

Our data centers provide many hours of backup battery power as well as 18 days of redundant diesel generator power. There is redundant Internet connectivity via all four exterior walls of the data center facility in a case of a trenching accident or earthquake. In addition, DentalXChange stocks redundant computer equipment in case of severe hardware failure. Individuals with administrative security are designated for disaster coverage and alternates are available at all times.

Certification and Audits

DentalXChange is an EHNAC accredited HNAP EHN and PCI Level 1 assessed service provider recognized by both VISA and MasterCard. Additionally, DentalXChange is partnered with the largest dental insurance carriers in the country and has to satisfy each of their security requirements.


Disclaimer

Even though DentalXChange has established a leading-edge security infrastructure, we feel it's important to remind our clients that no data transmission over the Internet can be guaranteed secure and no system is secure against those who share their passwords. DentalXChange will never ask you for your password and you should have each of your staff that requires access to our sites get their own username. If a person leaves your practice DentalXChange can disable that person's account access if you let us know. As a result, while we strive to protect client information, DentalXChange cannot guarantee or warrant the security of any information transmitted to our systems or the final integrity of the data.