| Avaz' platform, software and data center meet or exceed security and privacy requirements dictated by international standards organisations, including HIPAA and ISO. Our staff, technology and data centers are subject to the security specifications below.
|
| |
| Physical Security |
| |
| Avaz' data center is physically secured and protected: |
- 24 x 7 onsite security and access management
- Electronic key card and keypad access at all entry and exit points
- HVAC temperature control systems
- Smoke detection and waterless fire suppression systems
- Multiple (redundant) fiber trunks for Internet traffic and inbound and outbound telephony
- Uninterrupted power supply systems
- Onsite generators for power backup
|
| |
Data Security |
Client information is secured at every step through the workflow:
|
| |
| Internet access |
- Requires unique user ID / password
- Repeated failed log-in attempts deactivates account
- Text and voice files on transcriptionists' work-stations are automatically purged
- All access is logged and verified
|
| |
| Telephone access |
- Unique user identification
- All access is logged and verified
|
| |
| Data model server security |
- Each user ID is unique and confidential
- Permissions-based management allows client to determine who can create, view, modify and delete jobs / reports
- User roles restricted to specific set of permissions (users may have one or more)
|
| |
| Audit trails |
- Each report / job is tracked through the entire dictation lifecycle - creating a detailed audit trail
- Customized audit reports available to client's managers
|
| |
| Network Security |
- Cisco® PIX firewalls provide security, packet filtering, content filtering and intrusion detection
- Infrastructure and application changes adhere to control change procedures
- The Avaz network is monitored 24/7 by technical staff and security tools
|
| |
| Data Destruction |
Data maintained on our systems is destroyed based on contractual agreements. Voice-files are destroyed after 1 - 3 months. Completed reports on US transcription work-stations are purged daily.
|
| |
| Data & Voice Transmission |
Transmission between Avaz and customers, and third party applications is conducted through our secure socket layer, using 128-bit encryption algorithms. Where applicable, VPN is used for transmission of data back to the customer.
|
| |
| Business Continuance |
Avaz' business continuance plan in the event of system failure, fire, natural disaster, vandalism or other nterruptions, includes: |
- Redundant and clustered data replication, disc storage, and file-serving environments
- Platform file systems and databases reside in NAS (network-attached storage) devices
- Data backup and off-line media stored at secure locations
|
| |
| Staff Security |
Every Avaz staff member, contractor or other authorized person with access to confidential information must sign a the approprate confidentiality agreement(s). Additional company procedures include:
|
- Access to every patient data is logged and verified by security officer
- Voice / text files saved on transcriptionists PCs are periodically purged (typically once per day)
- Non-US transcriptionists do not have access to disc drives, printers or the Internet and work in our secured facilities
|
