HIPAA Security - SMARTMD

SMARTMD. Safeguarding Your Data.


Security is not as simple as encrypting a few files. In fact, HIPAA regulations require a lot more. This is how SMARTMD safeguards any data you share with us.

Protecting Against Data Breach

SMARTMD protects your data stored in our cloud from being stolen as well as being manipulated.

AES 256 Bit Encryption

  • We keep your data at certified Tier 4 datacenters, where physical access is monitored 24x7 and the servers are behind locked cages and armed guards.
  • To reduce the potential for cyber theft, SMARTMD encrypts your data using the HIPAA-compliant AES-256 encryption algorithm.
  • We ensure your data hasn’t been altered while at rest at our datacenter using a technique known as hashing. A ‘hash’ is just a number, calculated from the data itself, and stored separately from the file. When we pull the file from storage, we calculate the hash on the file again and compare it to what we had recorded before storage. If they match, we know the file we retrieved hasn’t been altered.

Protecting Against Unauthorized Access

An overlooked element of security is the passwords themselves. Although we can’t force users to select complex passwords, we can provide a few tools to minimize and detect misuse.

  • We audit all login activity so that your security team can regularly check who’s accessing your records.
  • Later this year, we’ll be introducing two-factor authentication, which is a mechanism currently used by banks to secure access.
  • Internally, SMARTMD changes our passwords every 90 days and we use long, randomly generated keys to ensure that intruders can’t easily guess our logins.

Protecting Your Data on Mobile

PHI is most vulnerable on the go, on devices that leave the safety of a lock and key. That’s why HIPAA mandates that any PHI on mobile devices (phones, laptops, tablets) be encrypted.

  • Our app for the iPhone and iPad encrypts not only your recorded dictation, but any photos you take, reports you review, and charts you open.
  • SMARTMD uses AES-256 bit encryption, which is required by HIPAA.
  • You don’t have to do anything to turn on the encryption other than set a passcode on your phone.

Protecting Your Data Against Loss

Having access to your patients’ records can be a matter of life or death. That’s why we back up all the data you send us, so that in case your EHR goes down, or your servers get corrupted, you can rely on us for disaster recovery.

  • We ensure access to your records by running our servers at Tier 4 data centers that guarantee 99.995% uptime. Our data centers are able to meet these SLAs (service level agreements) because they have fully redundant power, HVAC, and network connections.
  • We back up our data to an offsite location, so that should a disaster affect the production systems, we can still recover your records.

Protecting Your Data in Transit to SMARTMD

We block hackers from intercepting the data that’s being passed between you and SMARTMD by encrypting traffic.

  • SMARTMD uses industry-standard Secure Sockets Layer (SSL) to encrypt all data that passes between you and us. That’s why our websites, including our public internet site www.smartmd.com, all start with the URL “https://”.
  • How can you tell? It’s easy: just look at the URL next time you go to one of our websites. Your browser will show you a green padlock, letting you know that the connection is secure. If there were any insecure links on the page, you wouldn’t see that indicator.