P.O. Box 292575,
Lewisville, TX 75029
Privacy and confidentiality of student health information is a top priority of Sentry MD. We understand the trust and confidence our customers place in us and we take profound measures to safeguard this very private and personal information. All release procedures, both emergent and non- emergent, have been designed by medical records professionals. Student information can be disclosed only with valid authorization, and only when the identification, verification and authorization processes have been completed. Extensive system security is employed, further described below, and all authorized users have personalized accounts with confidential passwords, codes and/or PIN numbers. SentryMD is committed to adhering to all state and federal laws governing the privacy and confidentiality of health information including the laws in the HIPAA Legislation.
Sentry MD provides State of the Art Security to ensure that customer data is not compromised. We do this by providing controls on three levels: Data protection/ Unauthorized User Access, User-Specific Access and Physical Infrastructure. Sentry MD devotes significant resource in continuing to develop and maintain our multi-tiered security structure, and we are proud of our results: Unsurpassed security and privacy of our customers’ information.
Your data is YOUR DATA and your data only. Sentry MD has put together a strong solution to ensure this through:
– Data Encryption: Sentry MD leverages the strongest encryption products to protect customer data and communications including 128 bit SSL certification. The yellow ‘lock’ icon in the browser indicates to the user that the data is fully shielded from intrusion while in transit.
– Application Security: Sentry MD’s application security model prevents one SentryMD customer from accessing another customer’s data. Every user is assigned to a group that defines their rights. Our core engine/system uses these rights to control all users’ access to the information.
– Server Management Security: A very limited number of Sentry MD security-focused employees to the production equipment necessary for management, maintenance, monitoring and backups. Our engineering team performs all of the above referenced activities.
In many cases, different users have different responsibilities and therefore require different levels of access to the system. Sentry MD has installed an easy to manage, yet completely secure system, to insure users’ rights and access are closely structured and monitored. Below are the highlights:
Individual Access: Users only access Sentry MD with a valid username and password combination, which is encrypted via SSL during any data transfer.
Access Rights: Each customer’s “users’ access rights” are controlled by an administrator who manages their users’ rights (viewing and modifying based on folder, document level, reports, indexing, etc.) up to row and column (attribute) levels. An option for electronic signature is available and with this capability, any document modification can be easily detected.
Auditing/Logging: A standard auditing/logging system is also in place to insure any changes made in the system can be tracked. In other words, nothing is done in the system without a record!
Our production servers and data storage devices are located at a facility that provides 24 hour monitoring and physical security, redundant power, reserve generators, and other backup equipment that is designed to keep the servers continually up and running. Your data will always be secure and available- without interruption.
In addition to the physical components of data security, Sentry MD also supports redundant, multi-tier architecture for its servers and data storage. All customer data is stored on carrier class disk storage using RAID disks. All customer data, up to the last committed transaction, is automatically backed up on a daily basis. Full backups are completed on a weekly basis. In addition, complete backups are burned on a DVD upon customer request – and can be done with any frequency required. The data that resides on the servers is never removed, unless at customer request.