Security

We have security measures in place to protect your information and identity:

  • We electronically scramble your information using SSL (secure socket layer) encryption – a widely trusted encryption standard.
  • All of the information you submit resides on our secure servers where only our software can access it.
  • Our employees are trained in our strict privacy practices.
  • For more in-depth information, please read our Privacy Policy

HIPAA Requirements

The Behavior Connect application is designed to meet HIPAA requirements. The security features include, but are not limited to, the following:

System Protections

  • All data transmission uses 256-bit SSL encryption.
  • System includes a time-out feature that logs out users automatically after a defined period of inactivity.
  • An audit table in the database tracks access, modification, and creation of personal, identifiable health information. The audit table captures the user ID of the patient whose data was accessed/modified/created, as well as the date, time, and IP address from where the user logged in.
  • Every record that is written to the database has a date/time stamp as well as the user who added/updated information, which is shown on screen for easy reference.
  • Personal, identifiable health information is not saved on the user’s local desktop by the system.
    User ID’s and Password Protections
  • All users have a unique user ID and require a valid user ID and password to log in to the application.
  • Passwords are stored encrypted in the database and are not displayed anywhere in the system.
  • Password security rules enforce guidelines for strong passwords.
  • Exceeding the maximum number of failed login attempts will lock the user account until the agency’s IT administrator unlocks it.

Access Protections

  • The site-designated administrator grants access privileges to a user based on the roles assigned to the user.
  • All login attempts – both successful and failed – are saved in the database with the user ID, IP address, date/time of attempt and outcome (successful or failed).
  • An audit table is maintained in the database to track creation of the users and the modification of roles linked to users in the system.

For more in-depth information, please read our Privacy Policy