We have security measures in place to protect your information and identity:
- We electronically scramble your information using SSL (secure socket layer) encryption – a widely trusted encryption standard.
- All of the information you submit resides on our secure servers where only our software can access it.
- Our employees are trained in our strict privacy practices.
The Behavior Connect application is designed to meet HIPAA requirements. The security features include, but are not limited to, the following:
- All data transmission uses 256-bit SSL encryption.
- System includes a time-out feature that logs out users automatically after a defined period of inactivity.
- An audit table in the database tracks access, modification, and creation of personal, identifiable health information. The audit table captures the user ID of the patient whose data was accessed/modified/created, as well as the date, time, and IP address from where the user logged in.
- Every record that is written to the database has a date/time stamp as well as the user who added/updated information, which is shown on screen for easy reference.
- Personal, identifiable health information is not saved on the user’s local desktop by the system.
User ID’s and Password Protections
- All users have a unique user ID and require a valid user ID and password to log in to the application.
- Passwords are stored encrypted in the database and are not displayed anywhere in the system.
- Password security rules enforce guidelines for strong passwords.
- Exceeding the maximum number of failed login attempts will lock the user account until the agency’s IT administrator unlocks it.
- The site-designated administrator grants access privileges to a user based on the roles assigned to the user.
- All login attempts – both successful and failed – are saved in the database with the user ID, IP address, date/time of attempt and outcome (successful or failed).
- An audit table is maintained in the database to track creation of the users and the modification of roles linked to users in the system.