The EPHRS has security architecture that ensures the highest level of privacy and integrity by utilizing well-established and proven security methodologies. The architecture provides multiple levels of defense with each employing a unique and distinct methodology.
Security of EPHRS is a core feature of the architecture. Security features such as a firewall, public key encryption, secures sockets, role based security and user authorization is implemented. EPHRS is HIPAA compliant for transaction rules.
Network security utilizes secure crypto-systems that physically and logically prevent unauthorized access to confidential and protected data. Network communications control is accomplished through the use of a fire-wall technology and Secure Sockets Layer (SSL) protocol. Redundant and backup communication services are accomplished through the use of multiple access providers into the Internet.
Authentication protocols are utilized to verify that users and services are actually who they say they are. These protocol technologies are employed when a user logs into the registry, network, or specific application. The authentication is provided through the use of biometric scanning devices, smart-card technology, user accounts and passwords, and digital authentication certificates for both server and client hardware.
Access control methods restrict access to data based on levels of authorization such as the user's role within the organization. Access control is managed through the use of user ID's and passwords and the user's role within an organizations. User ID's and passwords are internally stored as 128-bit encrypted data strings. Application data logging is provided to ensure a complete audit trail of system manipulation.