Security Paper
Security is a top priority at EDI-Health Group - DentalXChange. As a Clearinghouse, DentalXChange is designated as a HIPAA Covered Entity and we take our responsibilities for protecting our PHI, PII, and other data seriously. As a clearinghouse for credit card transactions we are also designated as a Level 1 PCI service provider with additional requirements and audits for credit card data security.
Our servers and data are protected behind a state-of-the-art security infrastructure designed to safeguard your personal data. Our data is processed and stored at a leading commercial data center designed to support complex Internet hosting for enterprises with mission-critical Internet operations. Once you have logged in to ClaimConnect™, DentalXChange's powerful Web-based practice revenue management and payer connectivity solution, your patient and practice information is encrypted both "in motion" and "at rest." All data communications between your browser and our server are encrypted by Transport Layer Security 1.2 (TLS 1.2) at a minimum, and data stored on our servers is encrypted by several strong encryption methods. As a result, all of DentalXChange's customers can enjoy the protection and peace of mind of a world-class security system.
Industry-Leading Security
DentalXChange has created a best-of-breed security infrastructure assembled from leading-edge technologies proven to be the most secure for each function. All firewalls and encryption devices in use are sourced from leading Internet security providers, configured by expert professionals and rigorously tested before being placed into production.
Because a network is only as secure as its most vulnerable point, DentalXChange implements a broad array of security measures at multiple locations throughout its architecture. Specific examples of our security measures include:
Physical Security
All transaction-based areas of www.DentalXChange.com, including ClaimConnect™, are hosted at a leading provider of complex Internet hosting for enterprises with mission-critical Internet operations. The data center provides the physical environment necessary to help keep our servers up and running 24 hours a day, seven days a week, with sophisticated redundant subsystems, fire suppression systems, security cameras, locked access specific to our equipment, and security breach alarms. Entry into the facility requires an electronic card key and biometric scans.
Perimeter Defense
A strong perimeter defense is essential to prevent unauthorized or inappropriate system access. DentalXChange utilizes industry-standard security in several areas. All servers and hardware are supported by their manufacturers and patched with all current security patches. Actively updated anti-virus endpoint protection is run corporate-wide on all servers and workstations. The networks at both the corporate office and data center are protected by redundant firewalls. Our communication between these two networks is encrypted via a point-to-point tunnel. Administrative access to our servers, firewalls and routers is available only to a small number of individuals. All passwords are required to be strong passwords and are changed frequently. We run intrusion detection software and data loss prevention methods on network components and log all accesses. We constantly evaluate and add to these defenses as industry standards change.
Data Encryption
The strongest available encryption protects all DentalXChange customer data transmitted over the Internet. DentalXChange servers have been certified by authentication leader Thawte as secured by strong encryption. This is evidenced by the lock icon in the corner of the user's browser and assures customers that data is protected from access in transit. DentalXChange leverages the strongest encryption currently supported by browsers.
User Authentication
DentalXChange customer data can be accessed only with a valid username and password combination, which is encrypted via secure certificates from Thawte to prevent theft. Once a session has been established, an encrypted session ID cookie that does not contain username or password information is used to identify the user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.
Application Security
Similar to multiple ATM machines accessing a centralized banking system, our robust application security model prevents one DentalXChange customer from accessing another customer's data when accessing our centralized database system. This security model is reapplied and enforced for the entire duration of a user session.
ClaimConnect™, which users access to verify eligibility, look up benefit plan details and submit claims or encounters, uses a role-based security system. Authorized users are assigned unique usernames and passwords within a group associated with the subscribing dental practice and are given specific functionality based on their role. If your practice needs to restrict some users to certain functionality, please contact our customer service for help.
Internal Systems Security
Within perimeter firewalls, DentalXChange systems are safeguarded by a variety of security features such as network address translation, port redirection, IP masquerading, non-routable IP addressing schemes and other precautionary measures. For security reasons, details regarding the implementation of our security features are confidential and proprietary.
Operating System Security
DentalXChange enforces tight operating system-level security by using a minimal number of access points to all production servers and protecting all operating system accounts with strong passwords. All operating systems, commercial applications, and hardware components are conscientiously maintained at each vendor's recommended patch levels for security.
Database Security
Wherever possible, all database access is controlled at the operating system and database connection level for additional security. Access to production databases is limited to a minimal number of points; as with production servers, production databases do not share a master password database.
Reliability and Backup
To prevent data loss in the event of a catastrophic event or failure, all customer data is frequently backed up to the last committed transaction. DentalXChange further enhances our reliability measures by storing all customer data on mirrored disks that are mirrored across different storage cabinets and controllers. Data is backed up at both a secure offsite repository and a secure geographically redundant secondary data center.
Our data centers provide many hours of backup battery power as well as 18 days of redundant diesel generator power. There is redundant Internet connectivity via all four exterior walls of the data center facility in case of a trenching accident or earthquake. In addition, DentalXChange stocks redundant computer equipment in case of severe hardware failure. Individuals with administrative security are designated for disaster coverage and alternates are available at all times.
Certifications and Audits
DentalXChange is an EHNAC accredited HNAP EHN and PCI Level 1 assessed service provider recognized by both VISA and MasterCard. Additionally, DentalXChange is partnered with the largest dental insurance carriers in the country and has to satisfy each of their security requirements. More information about DentalXChange's HIPAA and PCI compliance can be found by visiting our HIPAA page.
Disclaimer
Even though DentalXChange has established a leading-edge security infrastructure, we feel it's important to remind our customers that no data transmission over the Internet can be guaranteed secure and no system is secure against those who share their passwords. DentalXChange will never ask you for your password, and you should have each staff member who requires access to our sites get their own username. If a person leaves your practice, DentalXChange can disable that person's account access if you let us know. As a result, while we strive to protect customer information, DentalXChange cannot guarantee or warrant the security of any information transmitted to our systems or the final integrity of the data.