DentalXChange has created a best-of-breed security infrastructure assembled from leading-edge technologies proven to be the most secure for each function. All firewalls and encryption devices in use are sourced from leading Internet security providers, configured by expert professionals and rigorously tested before being placed into production.
Because a network is only as secure as its most vulnerable point, DentalXChange implements a broad array of security measures at multiple locations throughout its architecture. Specific examples of our security measures include:
All transaction-based areas of www.DentalXChange.com, including ClaimConnect™, are hosted at a leading provider of complex Internet hosting for enterprises with mission-critical Internet operations. The data center provides the physical environment necessary to help keep our servers up and running 24 hours a day, seven days a week, with sophisticated redundant subsystems, fire suppression systems, security cameras, locked access specific to our equipment, and security breach alarms. Entry into the facility requires an electronic card key and biometric scans.
A strong perimeter defense is essential to prevent unauthorized or inappropriate system access. DentalXChange utilizes industry-standard security in several areas. All servers and hardware are supported by their manufactures and patched with all current security patches. Actively updated anti-virus endpoint protection is run corporate-wide on all servers and workstations. The networks at both the corporate office and data center are protected by redundant firewalls. Our communication between these two networks is encrypted via a point-to-point tunnel. Administrative access to our servers, firewalls and routers is available only to a small number of individuals. All passwords are required to be strong passwords and are changed frequently. We run intrusion detection software and data loss prevention methods on network components and log all accesses. We constantly evaluate and add to these defenses as industry standards change.
The strongest available encryption protects all DentalXChange client data transmitted over the Internet. DentalXChange servers have been certified by authentication leader Thawte as secured by strong encryption. This is evidenced by the lock icon in the corner of the user's browser and assures clients that data is protected from access in transit. DentalXChange leverages the strongest encryption currently supported by browsers.
DentalXChange client data can be accessed only with a valid username and password combination, which is encrypted via secure certificates from Thawte to prevent theft. Once a session has been established, an encrypted session ID cookie that does not contain username or password information is used to identify the user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.
Similar to multiple ATM machines accessing a centralized banking system, our robust application security model prevents one DentalXChange client from accessing another client's data when accessing our centralized database system. This security model is reapplied and enforced for the entire duration of a user session.
ClaimConnect™, which users access to verify eligibility, look up benefit plan details and submit claims or encounters, uses a role based security system. Authorized users are assigned unique usernames and passwords within a group associated with the subscribing dental practice and are given specific functionality based on their role. If your practice needs to restrict some users to certain functionality, please contact our client service for help.
Operating System Security
DentalXChange enforces tight operation system-level security by using a minimal number of access points to all production servers and protecting all operation system accounts with strong passwords. All operating systems, commercial applications, and hardware components are conscientiously maintained at each vendor's recommended patch levels for security.
Wherever possible, all database access is controlled at the operating system and database connection level for additional security. Access to production databases is limited to a minimal number of points; as with production servers, production databases do not share a master password database.
Reliability and Backup
To prevent data loss in the event of a catastrophic event or failure, all client data is frequently backed up to the last committed transaction. DentalXChange further enhances our reliability measures by storing all client data on mirrored disks that are mirrored across different storage cabinets and controllers. Data is backed up at both a secure offsite repository as well as at a secure geographically redundant secondary data center.
Our data centers provide many hours of backup battery power as well as 18 days of redundant diesel generator power. There is redundant Internet connectivity via all four exterior walls of the data center facility in a case of a trenching accident or earthquake. In addition, DentalXChange stocks redundant computer equipment in case of severe hardware failure. Individuals with administrative security are designated for disaster coverage and alternates are available at all times.
Certification and Audits
DentalXChange is an EHNAC accredited HNAP EHN and PCI Level 1 assessed service provider recognized by both VISA and MasterCard. Additionally, DentalXChange is partnered with the largest dental insurance carriers in the country and has to satisfy each of their security requirements.
Even though DentalXChange has established a leading-edge security infrastructure, we feel it's important to remind our clients that no data transmission over the Internet can be guaranteed secure and no system is secure against those who share their passwords. DentalXChange will never ask you for your password and you should have each of your staff that requires access to our sites get their own username. If a person leaves your practice DentalXChange can disable that person's account access if you let us know. As a result, while we strive to protect client information, DentalXChange cannot guarantee or warrant the security of any information transmitted to our systems or the final integrity of the data.