HTTPS - digital certificate issued by Digicert Inc.
AES 256 bit server encryption at REST and in TRANSIT
The Smart Day Group Security and HIPAA - the small print
The Smart Day Group is fully committed to employing the very best security for both its internet cloud and mobile software applications.
The Smart Day Group currently employs and maintains very high levels of security. The Smart Day Group constantly monitors the security of its systems for any opportunity to take advantage of any improvements offered by the industry.
The Smart Day Group joins the highest levels of security available with the security ideals contained within The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and intends to continue to adhere to any and all future HIPAA regulations as they may affect systems and products. The high ideals of the Data Protection Act 1998 (DPA) are also incorporated. The Smart Day Group security policies contain, but are not limited to, the following:
controlled access, authentication and authorization, reliability and system integrity, user availability and confidentiality.
The Smart Day Group Security Policy is designed and operated with the following security components:
Operational use of The Smart Day Group systems and products allows access to users with varying, profiled and controlled authority within a service provider organization, enabling the provider organization to restrict user access to sensitive PHI to a minimum and only where appropriate for that user to carry out their job function.
Encryption is utilised on each and every communication between systems and users. The Smart Day Group servers are currently secured by SSL AES 256-bit encryption. This is currently the highest level of encryption commercially available.
The Smart Day Group uses a digital certificate issued by Digicert Inc., a leading Certification Authority, thus offering the service provider entity full confidence that it is connecting to a secure, fully authenticated site that is operated by The Smart Day Group.
The Smart Day Group employs the best possible methodology to secure provider service data on all servers located in our data center. The Smart Day Group's cloud data centers are physically and electronically secured. The servers are isolated from the Internet by multiple secure firewalls, which use both hardware and software systems to block any unauthorized access. All PHI stored on, or processed by, The Smart Day Group’s servers is encrypted at rest and in transit.
The Smart Day Group internal security policies are coupled with registration (Registered number: Z3200854) and adherence to the Data Protection Act 1998 (DPA) that was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and descriptive of, living individuals (defined by the Act as "personal data") which are held either electronically or in a structured manual filing system. The Act came into force on 1st March 2000, with most of its provisions becoming effective on 24th October 2001. Adherence to these acts and compliance under HIPAA as described above ensure that service provider data and individual data storage and transmission will be kept private and confidential. The Smart Day Group will not share collected data with any third party. Service provider data expressly belongs to and is uniquely owned by each service provider that has captured and stored their data with The Smart Day Group. Confidentiality is thus assured.
Individual organisations control the access granted to their users via User ID and password. The Smart Day Group holds strict policy rules to prevent any unauthorized user from gaining access. The Smart Day Group database uses hashed passwords and never stores a plain text version of user passwords. This avoids the need for any employee of The Smart Day Group to have access to any user’s password. Any user forgetting their password will be forced to construct a new password which will be authenticated by the system’s email verification process.
The Smart Day Group protects users from accidentally leaving private information open on a computer browser screen. The Smart Day Group system will end a user "session" after a set period of inactivity, thus preventing others from accessing private information if a session is left open when a user forgets to log out.
The Smart Day Group system design ensures that all health information is treated with the utmost confidentiality and privacy. To ensure this is maintained by the service provider entity, all users must ensure that they follow their own provider's policy when communicating any and all sensitive information within their own environment.
The Smart Day Group takes all reasonable measures to secure data on our servers and in our data center. Our data center is both physically and electronically secured. Our servers are protected from the Internet using multiple firewalls which block access by unauthorized parties.
The Smart Day Group offers recommendations to each service provider entity and their system users to ensure joint security compliance. In order to maintain proper security whilst using The Smart Day Group system and products, users should adhere to the following good practices:
Whilst The Smart Day Group system forces the use of a password that consists of upper and lower case letters and numbers, users should not use easily recognizable names or number strings. As an example, “11Mother22” is very weak, “7877GH+-bvcx89” is very strong.
Users should never share their user IDs or passwords.
Users should always keep user IDs and passwords secure.
Whilst The Smart Day Group system forces logouts after a sensible period of inactivity, users should always sign out when they have finished using the service.
Service provider entities should ensure that all anti-virus software and any local firewalls are regularly updated with software and firmware updates on all computers that are used to access The Smart Day Group systems and products.
Mobile users should always update and install all security and software patches as soon as advised. This applies to updates for The Smart Day Group iPad/iPhone and Android apps as well as for all browser applications.
Whilst The Smart Day Group employs the very best procedures and the latest security protocols and technology to ensure full system availability without interruption, any perceived security threat will take precedence over continued system access until such time as any risk of such a threat can be fully eliminated.
For any further information regarding these policies please email firstname.lastname@example.org