eMix provides eight layers of security to assure all healthcare institutions that their patient data are protected and preserved at all times. The eMix security architecture enables institutions to comply with requirements of the Health Insurance Portability and Accountability Act (HIPAA), as well as enforce strict security policies of their own.
Physically Secure - Data Center
The eMix data center can only be accessed by a limited number of authorized personnel, and those personnel can only access the Data Center after biometric verification. That is, they can only enter the data center after first undergoing a full palm print scan to verify their identity. Further protection is provided in the Data Center by redundant and emergency backup power and multiple redundant backbone connections to the Internet.
Network Access Security
To protect the eMix network against malicious attacks, network access is restricted by multiple layers of firewalls and 24/7/365 intrusion detection monitoring.
Only verified members of authorized institutions can become fully enabled eMix users. Each authorized institution has an administrator who is responsible for adding or dropping persons as verified users.
Verified users must enter a password to access eMix. The system requires users to create complex passwords.
SSL 3.0/TLS 1.0 Encryption Data Transmission
eMix data are transmitted over the Internet using SSL (Secure Sockets Layer), a secure encryption protocol that ensures that data in transit are virtually indecipherable if it should be intercepted by a non-authorized user.
Data Redundancy and Retention
To preserve information in the event of hardware or software failures, eMix data resides on multiple redundant content servers, database servers, and web-servers in the data center. Additional data back-up and operational redundancy will be provided in the near future.
All transactions between eMix clients and servers are tracked and audited at both the local institution’s eMix database and the central eMix database itself. Thus, if data are lost because of a hardware or software failure at the user institution, they can be recovered from the Cloud.
New Recipient Confirmation
To eliminate illegitimate recipients, this security layer provides for an eMix sender to verify the new recipient’s identity, confirm they have the correct email address, and confirm the new recipient as a legitimate recipient.