Privacy & Security
Sycle goes above and beyond to ensure your data is safe and secure. We work with our partners at IBM to deliver the very best data security to our customers. Together we maintain, back up, and protect all patient data and financial information.
Our commitment to privacy
When you interact with the Sycle.net website we strive to make the experience easy and meaningful. When you come to our website, our web server sends a cookie to your computer. Cookies are files that web browsers place on a computer’s hard drive and are used to tell us whether customers and visitors have visited the Site previously. Standing alone, cookies do not identify you personally. They merely recognize your browser. Unless you choose to identify yourself to Sycle.net, either by responding to a promotional offer, opening an account, or registering for a 30-day Test Drive, you remain anonymous to Sycle.net. Cookies come in two types: session and persistent-based. Session cookies exist only during an online session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you’ve closed your browser or turned off your computer. Sycle.net only uses session cookies. Session cookies help us verify your identity after you’ve logged in, and they are required in order to use the Sycle.net application. Users who disable their web browser’s ability to accept cookies will be able to browse our website, but will not be able to successfully use the Service.
Our Site has security measures in place to help protect against the loss, misuse, and alteration of the Data under our control. When our Site is accessed using Microsoft Internet Explorer versions 5.0 or higher, Secure Socket Layer (SSL) technology protects information using server authentication to help ensure that Data is safe, secure and available only to you. Sycle.net hosts the Site in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders. Finally, Sycle.net provides unique usernames and passwords that must be entered each time a customer logs on. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of Data.
Security measures include the following:
- Expert team of experienced, professional engineers and security specialists
- Round-the-clock protection of data and systems
- Continuous deployment of proven, up-to-date firewall protection, SSL encryption, and other security technologies
- Ongoing evaluation of emerging security developments and threats
- Complete redundancy throughout the entire Sycle.net Online Infrastructure architecture
Physical Security: Our production equipment is collocated at an IBM Data Center that provides:
- 24-hour physical security
- Enforcement of fingerprint and body weight verification for all facility access
- Solid, steel-reinforced concrete building
- Redundant electrical generators and data center air conditioners
- Emergency diesel generators
- Other backup equipment designed to keep servers continually up and running
Data Encryption: Sycle.net leverages the strongest encryption products to protect customer data and communications, including 128-bit SSL certification and 2048-bit RSA public keys.
User Authentication: Users access Sycle.net only with a valid username and password combination, which is encrypted via SSL while in transmission. An encrypted session ID cookie is used to uniquely identify each user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.
Application Security: Our comprehensive application security model prevents one Sycle.net customer from accessing another’s data. This security model is reapplied with every request and enforced for the entire duration of a user session.
Internal Systems Security: Inside of the perimeter firewalls, systems are safeguarded by network high-performance web proxies, access control lists, non-routable IP addressing schemes, and more. Exact details of these features are proprietary.
Database Security: Sycle database servers are not exposed to the internet. All Sycle database servers reside on a separate private network that can only be accessed by the Sycle application. All Sycle administration is through individual, monitored administration logins.
Server Management Security: All data entered into the Sycle.net application by a customer is owned by that customer. Sycle.net employees do not have direct access to the Sycle.net production equipment, except where necessary for system management and administration, monitoring, backups and customer support at the behest of the customer.
Business Continuity and Disaster Recovery: All networking components, SSL accelerators, load balancers, web servers, and application servers are configured in a redundant configuration. All customer data is stored on multiple database servers with full business continuity fail-over. Data is backed up nightly and stored to a secure offsite facility. In the event of catastrophic failure, data can be restored within a maximum of 24 hours.
HIPAA (Health Insurance Portability and Accountability Act of 1996) is a regulation designed to protect confidential healthcare information through improved security standards and federal privacy legislation. It defines requirements for storing patient information before, during, and after electronic transmission. It also identifies compliance guidelines for critical business tasks such as risk analysis, awareness training, audit trail, disaster recovery plans, and information access control and encryption.
The HIPAA regulation has three main components that apply to “covered entities” (a covered entity is any provider of healthcare services that charges the government or insurance for their services):
- Standard Transaction Code Sets
- Patient Information Privacy
- Patient Information Security (both electronic and physical records)
To learn more about HIPAA, please visit:
http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act