CONFIDENTIALITY AND SECURITY

Online Test users are encouraged to delete client names when their assessment process is completed. This proprietary name deletion procedure involves a few keystrokes. Once names are deleted, they are gone and cannot be retrieved. Deleting names does not delete demographics or test data, which is downloaded into the tests database for subsequent analysis. This name deletion procedure ensures confidentiality and full compliance with HIPAA (federal regulation 45 C.F.R. 164.501) requirements.

Windows diskettes and flash drives are sent out with 25 or 50 tests on them. When these tests are used, the assessor returns the diskette or flash drive to Behavior Data Systems, Ltd. (BDS) or Risk & Needs Assessment, Inc. (Risk & Needs). As explained in test manuals, before returning diskettes or flash drives to BDS or Risk & Needs, test users are asked to delete clients’ names from the diskettes/flash drives. Name deletion is the test user’s responsibility.

When a diskette or flash drive is returned to BDS or Risk & Needs, it is logged in as returned in our tracking system. The diskette or flash drive is then processed through a File Transfer Program (FTP) that extracts client demographics (age, sex, race, date of birth, education, etc.), history questions (age of first arrest, number of arrests, etc.) and client response data (answers). This data is used for research; no names or identifying numbers are needed and none are collected. After the data is transferred to our database (minus names and/or identifying numbers), physical diskettes and flash drives are destroyed.

DISKETTE / USB FLASH DRIVE “DELETE NAMES” OPTION

ONLINE (INTERNET) “DELETE NAMES” OPTION

These software features are provided to give BDS, Risk & Needs and Online-Testing customers “client confidentiality” at no additional cost. It is the test user's responsibility to delete the client's name, thereby ensuring that they are HIPAA (federal regulation 45 C.F.R. 164.501) compliant.
DATABASE SECURITY

To gain access to the actual server room, the guard on duty must personally unlock the door. No visitors are allowed under any circumstances. Our servers are in locked cabinets. The cabinets and servers themselves have fail-safe alarms. If a cabinet is opened or a server moved, an alarm goes off in the guard station and in the monitoring station.

Our web server and database server communicate via non-routable protocols. SSL is used to communicate any sensitive information to or from our web servers via the web or FTP. A Sonicwall 240 Network Security Appliance (firewall) protects our servers. The Sonicwall 240 utilizes Deep Packet Inspection, application control, intrusion prevention and SSL VPN for real-time protection without compromising performance.

Any identifying information in a test record (name, ID numbers, etc.) is encrypted before the record is saved in our database. Thus, all identifying information in the database is unintelligible to anyone. A secure algorithm built into the Online Testing software decrypts this information before displaying it to a client (test user) over the internet. This ensures that only the person who entered the data can access the names and reports for their clients.

In addition, at any time, clients (test users) have the option of taking an additional encryption step that renders all information irretrievable. We recommend that all clients (test users) perform this step as soon as they can.

Behavior Data Systems, Ltd.
P.O. Box 44256
Phoenix, Arizona 85064-4256
www.bdsltd.com
info@bdsltd.com

or its subsidiaries

Risk & Needs Assessment, Inc.
www.riskandneeds.com
info@riskandneeds.com

and

Professional Online Testing Solutions, Inc.
www.online-testing.com
info@online-testing.com

Copyright © Protected. All Rights Reserved.