Dentisoft OnLine Infrastructure, Security, and Back-up
Dentisoft OnLine (DSOL) is a state-of-the-art application hosted by Dentisoft Technologies in one of the nation's leading facilities (Equinix in Ashburn, Virginia). DSOL utilizes redundant components in all areas of its infrastructure to ensure that there is no “single point of failure” and that fail-safes exist at every juncture. Both physical and virtual security are maintained using a variety of systemic means and are in accordance with HIPAA requirements. Data back-ups are conducted throughout the day and are stored offsite at EVault, a leading provider of back-up and disaster recovery systems to the healthcare industry.
The following details the infrastructure deployed, the physical and virtual security apparatus we have assembled, as well as the data back-up protocols and procedures.
Infrastructure Summary
- Redundant web servers, and redundant database servers running in a clustered environment. Microsoft, CISCO and DELL components.
- Firewalls, load-balancers, and tape back-up machinery. CISCO, BIGIP, and DELL components.
Physical Security
DSOL is hosted at Equinix’s Ashburn, Virginia facility, which currently hosts other large, well-known internet sites. The host servers reside in a guarded, caged, locked area with biometric access controls. The facility was designed from the ground up for redundancy and security. The shell of the building is fireproof and bombproof, and redundant systems include electrical, HVAC, and multiple back-up generators. Internap technology is regularly implemented to ensure access to multiple Tier 1 internet providers simultaneously. This ensures access even in the event of a Tier 1 outage. Additionally, n+1 architecture is maintained in all facets of the hosting environment in accordance with HIPAA standards.
Virtual Security
Data protection is of utmost importance, and that is why data can only be accessed via a dentist’s personal “super-user” name and password. Only the “super-user” password holder can give additional staff access to the system, granting them user rights and assigning them personal user names and passwords. All data is encrypted using 128-bit SSL encryption.
Back-up Procedures
Multiple layers of data back-up are employed in DSOL. First, DSOL data is written to two simultaneously operating servers, in what is called a “clustered environment”. In a cluster, all data is written to multiple machines at once, to protect against the failure of any one. Secondly, data from these servers is written on a real-time basis to a Level 5 RAID back-up disk array. This ensures that hot-swappable back-up data exist at any time. Thirdly, a Level 5 RAID database back-up system takes a snapshot of the entire database every two hours as additional protection. And lastly, each night, back-ups of the full database are created and sent to two separate EVault storage facilities. The back-up processes and reporting are highly automated, alerting staff members in the unlikely event of a failure.
With DSOL, you never need to worry about back-ups. Your data is being managed in the most state-of-the-art manner available anywhere.
HIPAA Compliance
Practice Management Systems are not considered a “covered entity” under HIPAA guidelines. Dental offices are covered entities, however; hence Dentisoft’s responsibility is to ensure that dental offices can become and stay HIPAA compliant, by:
- Performing electronic transactions in HIPAA compliant formats
- Requiring secure passwords to access the patient information
- Providing fields for inputting all required data used in HIPAA compliant transactions
- Performing data back-up in accordance with Title 45, Part 164: Security & Privacy.
HIPAA does address “Access Controls”, which govern who has access to confidential information via (1) Mandatory Access Control, (2) Discretionary Access Control, (3) Time of Day, (4) Classification, or (5) Subject-object Separation. All apply to Dentisoft OnLine and the system is fully compliant with these requirements.