Security

We have security measures in place to protect your information and identity:

  • We electronically scramble your information using SSL (secure socket layer) encryption – a widely trusted encryption standard.
  • All of the information you submit resides on our secure servers where only our software can access it.
  • Our employees are trained in our strict privacy practices.

For more in-depth information, please read our Privacy Policy

HIPAA Requirements

The Behavior Connect application is designed to meet HIPAA requirements. The security features include, but are not limited to, the following:

System Protections

  • All data transmission uses 256-bit SSL encryption.
  • Includes a time out feature that logs out users automatically after a defined period of inactivity.
  • An audit table is maintained in the database to track access, modification and creation of personal, identifiable health information. The audit table captures the user ID of the patient whose data was accessed/modified/created, as well as the date, time, and IP address from where the user logged in.
  • Additionally, every record that is written to the database has a date/time stamp as well as the user who added/updated, which is shown on screen for easy reference.
  • Personal, identifiable health information is not saved on the user’s local desktop by the system.

User ID’s and Password Protections

  • All users have a unique user ID and require a valid user ID and password to log in to the application.
  • Passwords are stored encrypted in the database and are not displayed anywhere in the system.
  • Password security rules enforce guidelines for strong passwords
  • Exceeding the maximum number of failed login attempts will lock the user account until the agency’s IT administrator unlocks it.

Access Protections

  • The site-designated administrator grants access privileges to a user based on the roles assigned to the user.
  • All login attempts – both successful and failed – are saved in the database with the user ID, IP address, date/time of attempt and outcome (successful or failed).
  • An audit table is maintained in the database to track creation of the users and the modification of roles linked to users in the system.

For more in-depth information, please read our Privacy Policy