Written by Jason T. Roff

Your data is very safe and very secure. Do you know the difference between being safe and secure? We do.

When we discuss ensuring the safety of your data, we are specifically talking about taking special precautions to make sure that your data doesn't disappear because of hardware failures, fire, theft and even carelessness in software development.

When we refer to establishing security of your data, we are referring to how we guarantee that your data cannot be seen by prying eyes through "snooping" on the Internet, a hack or even by the theft of our servers.

Security of your Data

It makes sense to first talk about your data's security. There are two sites to the SubmitPatientForms.com domain: the public and the secure. The public site is where anybody on the Internet can navigate. This site is just like any other public website on the Internet, such as http://www.microsoft.com, where there is no need to provide security. The secure site, however, is the site that we secure and protect from prying eyes.

Secure Socket Layers for Internet Communication

When you navigate within our secure website, you will notice a small image of a lock in the status bar at the bottom of the browser (when using Internet Explorer). This image indicates that the page you are on communicates with the web server using SSL (Secure Socket Layers).

In a nutshell, SSL uses technology and algorithms to encrypt data that is being transferred to the web server from your computer, so that if this information is intercepted along the way, the people looking at it cannot make heads or tales of it. Once the data is on the server, our web server can decrypt the data into its original form if necessary. The data coming from the server to your computer is also encrypted and only your computer's browser will be able to decrypt it.

If you are interested in reading more about how SSL works, these articles offer an excellent explanation for the beginner reader:

How Stuff Works - How Encryption Works
WikiPedia - Transport Layer Security

Local Encryption for Increased Protection

Although all data sent between your computer and our servers is encrypted, only certain data needs to be kept securely on the server itself. Besides your user password, the database of all your clients falls into this category. This information is saved to our database in an encrypted format rather than in an "open" decrypted format that is "human-readable".

We do this so that the data remains secure in the case that a hacker gets into our server or if a thief steals our equipment. Although we don't anticipate either one of these events happening in the nearby future, we remain prepared.

With encrypted data, a hacker or thief can do nothing without our key and password. Only we know our password as you should be the only one to know yours.

Windows 2003 Server

Generally, there are two flavors of operating systems for servers that run websites: Windows and Linux. We aren't going to debate the pros and cons of each operating system, but we are going to say that Windows 2003 Server is an excellent product; thus the reason we have chosen it as our foundation. Unfortunately, as many people know, Windows gets attacked regularly by hackers.

To prevent a hacker from getting the best of us, we follow a security plan as suggested by Microsoft them self. Besides keeping our data secure on the server, we use NTFS as a lower level of security. NTFS is Microsoft's most secure file system (the code that actually stores your data on the server's hard drives). To access data, you need passwords. We use "hard" passwords and change them often (read more about choosing a good, hard password in this article from the United States Computer Emergency Readiness Team).

We employee a team of hardware experts. These experts work everyday monitoring our servers; watching their performance and administrating their security. We download and install security patches automatically from Microsoft every day. We automatically download the latest virus definition files from Norton for their corporate Antivirus software, everyday.

Safety of your Data

Although security is important, it is only half of the job. If your data is not safe, you can lose it, it can become corrupt, or worst, it can be destroyed. Although we take every step possible to prevent these types of accidents from occurring, we cannot guarantee that they will not happen. However we can guarantee that we will have another copy of your data, ready to go in case of an emergency. This is the key to the safety of your data.

Our Servers

Your data is stored on our servers. We do not rent servers from a provider nor do we rent shared space on somebody else's server. This is very important.

When you navigate to a webpage there is very little you can do to identify the type of server the web page is hosted on. If you were an expert, you could run network commands to learn if it is a Unix machine or a Windows machine, but even that isn't 100% reliable. You can figure out the computer's Internet address (IP address) and who is providing the Internet service for the server (such as Verizon or Comcast), but unless you are an expert, you won't be able to find out if the server has 200 websites on it or if it is really a computer running in somebody's basement.

Shared servers (or shared hosting) are computers used by more than one customer at a time. For most simple websites, this would be sufficient. Going with a shared product is a cheap way to get information on the web and is quite acceptable for a lot of purposes. However, when you are running a company and are entrusted to keep your customer's data secure, it is not such a good idea. With shared products, we wouldn't have control of the system password to the machine. We would have no idea who had access to it. Even worse, other software, from other companies or individuals, would be running on the machine with the possible ability to accessing your data.

This is why we have our own servers. We are the only ones with the passwords to our systems. Not even the employees of the data center that the servers are located in have access to any of our machines.

Backup of Your Data

Your data is backed up onsite and offsite to different servers every night.

Your data is first backed up to local transaction logs in the event that the database were to crash, we could restore it within minutes. Transaction logs are created every hour.

Next, both the transaction logs and the original database are copied to another local server within the same secure local every night. If a machine were to break, we could easily restore the data to another machine and be up and running within a short period of time.

Afterwards, the data is automatically transferred offsite to another location. In the event of a fire, theft or major catastrophe where the machines or the secure data center are lost, we could restore the data to machines in another location.

Class A Data Center

It is our belief that that the only proper location for ours servers is a data center. We have all of our servers located in a Class A data center on Long Island, NY, which ensures that they are in a safe, climate controlled environment with reliable redundant connections to the Internet and various forms of power fail over devices.

Our data center location is run by experts and offers us the following features:

  • Hardware firewall device to deter and stop attackers before they reach our servers

  • A dedicated UPS (Uninterrupted Power Supply) as an immediate power backup solution

  • Natural gas generators sized to run a full load of all the data centers machines indefinitely in case of major power outages (our servers were online during the New England Blackout of 2003).

  • Redundant oversized HVAC systems to ensure the perfect temperate (72 degrees) and humidity (45%) for servers

  • Security access points that require both security card badges and a security code to restrict unauthorized access

  • Digital surveillance camera systems with 60 days of storage to record theft or malicious damage

  • 24/7/365 monitored intrusion detection system and a digital surveillance system to protect the premises


If you are worrying about the security and safety of your data, don't.

When you enter sensitive data on your computer while visiting our site, it is sent to our servers using SSL (a method for transferring data encrypted across the Internet). Once your data arrives at one of our servers, we store your sensitive data in its encrypted form to our databases.

We download Microsoft operating system patches and update our antivirus definition files daily. We own our own servers and we are the only ones with the passwords which are changed frequently. Your data is backed up daily to other local machines and then offsite to another location. Our servers are located in a Class A data center surrounded by climate control and a surveillance system, supported by redundant connections to the Internet and multiple power failover devices.

We work hard so that you do not have to worry.