CareSuite Security Policy Statement

QuickMAR takes great effort to protect your data, adhering to the generally accepted practices found in our industry. Your CareSuite data is stored on computers in a data center. A subset of the data may reside locally, to allow offline usage.

We follow all applicable HIPAA directives, and for your convenience we have listed some of the most important precautions we take to protect this data.

  • 1. Data Security: We use administrative, physical and technical safeguards that protect the confidentiality, integrity and availability of Electronic Protected Health Information.
    • 1.1 The data center is a Tier II+ data center and an SSAE-16 audited facility. Features include:
      • 1.1.1 Redundant uninterruptible power supply
      • 1.1.2 Redundant internet access
      • 1.1.3 Limited physical access via two-factor security controls, and physically secured server access restricted to QuickMAR IT staff
      • 1.1.4 Redundant cooling
    • 1.2 The local client database is encrypted using AES-128 encryption technology.
    • 1.3 Network traffic between our server and the local computers passes through a firewall and is always encrypted, using 256-bit SSL and 2048-bit RSA-encrypted certificate keys.
    • 1.4 Backups: All customer data is backed up as follows:
      • 1.4.1 Mirrored live to a separate physical server.
      • 1.4.2 Backed up every 15 minutes locally to mirrored storage.
      • 1.4.3 Daily backups are stored on a separate storage array with internal redundancies.
      • 1.4.4 Weekly archives are transmitted securely offsite within an encrypted storage volume.
      • 1.4.5 We have a professionally developed disaster recovery protocol.
    • 1.5 The CareSuite application contains a strong set of security features that let you customize your security, including password strength, password expiration, auto-logout, and customizable user roles.

 

  • 2. Data Retention: All health information is retained in accordance with federal data retention requirements for health care data.
    • 2.1 Audit logs capture much of the system activity, including the creation and alteration of data, and are traceable to specific users and a specific date and time.
    • 2.2 We use appropriate safeguards to prevent the unauthorized use, disclosure, or access to Protected Health Information.

 

  • 3. Compliance:  We ensure that any agent, contractor or subcontractor to whom we provide, disclose or transmit Protected Health Information agrees to the same restrictions and conditions concerning the Protected Health Information.  

CareSuite Security Policy Statement, Version 1.2, November 2016