| 
                    Written by Jason T. Roff 
                    Your data is very safe and very secure. Do you know the difference between being
                    safe and secure? We do. 
                    When we discuss ensuring the safety of your data, we are specifically talking about
                    taking special precautions to make sure that your data doesn't disappear because
                    of hardware failures, fire, theft and even carelessness in software development. 
                    When we refer to establishing security of your data, we are referring to how we
                    guarantee that your data cannot be seen by prying eyes through "snooping" on the
                    Internet, a hack or even by the theft of our servers. 
                    It makes sense to first talk about your data's security. There are two sites to
                    the SubmitPatientForms.com domain: the public and the secure. The public site is
                    where anybody on the Internet can navigate. This site is just like any other public
                    website on the Internet, such as http://www.microsoft.com,
                    where there is no need to provide security. The secure site, however, is the site
                    that we secure and protect from prying eyes. 
                    Secure Sockets Layer for Internet Communication 
                    When you navigate within our secure website, you will notice a small image of a lock in the status bar at the bottom of
                    the browser (when using Internet Explorer). This image indicates that the page you
                    are on communicates with the web server using SSL (Secure Sockets Layer).
                 
                    In a nutshell, SSL uses technology and algorithms to encrypt data that is being
                    transferred to the web server from your computer, so that if this information is
                    intercepted along the way, the people looking at it cannot make heads or tails of
                    it. Once the data is on the server, our web server can decrypt the data into its
                    original form if necessary. The data coming from the server to your computer is
                    also encrypted and only your computer's browser will be able to decrypt it.
                 
                    If you are interested in reading more about how SSL works, these articles offer
                    an excellent explanation for the beginner reader: 
                    How Stuff Works - How Encryption Works
                    Wikipedia - Transport Layer Security
 
                    Local Encryption for Increased Protection 
                    Although all data sent between your computer and our servers is encrypted, only
                    certain data needs to be kept securely on the server itself. Besides your user password,
                    the database of all your clients falls into this category. This information is saved
                    to our database in an encrypted format rather than in an "open" decrypted format
                    that is "human-readable". 
                    We do this so that the data remains secure in the case that a hacker gets into our
                    server or if a thief steals our equipment. Although we don't anticipate either one
                    of these events happening in the near future, we remain prepared.
                 
                    With encrypted data, a hacker or thief can do nothing without our key and password.
                    Only we know our password, just as you should be the only one to know yours. 
                    Windows 2003 Server 
                    Generally, there are two flavors of operating systems for servers that run websites:
                    Windows and Linux. We aren't going to debate the pros and cons of each operating
                    system, but we are going to say that Windows 2003 Server is an excellent product,
                    which is why we have chosen it as our foundation. Unfortunately, as many people
                    know, Windows gets attacked regularly by hackers. 
                    To prevent a hacker from getting the best of us, we follow a security plan as suggested
                    by Microsoft itself. Besides keeping our data secure on the server, we use NTFS
                    as a lower level of security. NTFS is Microsoft's most secure file system (the code
                    that actually stores your data on the server's hard drives). To access data, you
                    need passwords. We use "hard" passwords and change them often (read more about choosing
                    a good, hard password in this article from the United States Computer Emergency Readiness
                    Team).
                 
                    We employ a team of hardware experts. These experts work every day monitoring our
                    servers, watching their performance and administering their security. We download
                    and install security patches automatically from Microsoft every day. We automatically
                    download the latest virus definition files from Norton for their corporate Antivirus
                    software every day.
                 
                    Although security is important, it is only half of the job. If your data is not
                    safe, you can lose it, it can become corrupt, or worse, it can be destroyed. Although
                    we take every step possible to prevent these types of accidents from occurring,
                    we cannot guarantee that they will not happen. However, we can guarantee that we
                    will have another copy of your data, ready to go in case of an emergency. This is
                    the key to the safety of your data. 
                    Our Servers 
                    Your data is stored on our servers. We do not rent servers from a provider nor do
                    we rent shared space on somebody else's server. This is very important.
                 
                    When you navigate to a webpage there is very little you can do to identify the type
                    of server the web page is hosted on. If you were an expert, you could run network
                    commands to learn if it is a Unix machine or a Windows machine, but even that isn't
                    100% reliable. You can figure out the computer's Internet address (IP address) and
                    who is providing the Internet service for the server (such as Verizon or Comcast),
                    but unless you are an expert, you won't be able to find out if the server has 200
                    websites on it or if it is really a computer running in somebody's basement. 
                    Shared servers (or shared hosting) are computers used by more than one customer
                    at a time. For most simple websites, this would be sufficient. Going with a shared
                    product is a cheap way to get information on the web and is quite acceptable for
                    a lot of purposes. However, when you are running a company and are entrusted to
                    keep your customers' data secure, it is not such a good idea. With shared products,
                    we wouldn't have control of the system password to the machine. We would have no
                    idea who had access to it. Even worse, other software, from other companies or individuals,
                    would be running on the machine with the possible ability to access your data.
                 
                    This is why we have our own servers. We are the only ones with the passwords to
                    our systems. Not even the employees of the data center that the servers are located
                    in have access to any of our machines. 
 
                    Backup of Your Data 
                    Your data is backed up onsite and offsite to different servers every night.
                 
                    Your data is first backed up to local transaction logs so that, if the database
                    were to crash, we could restore it within minutes. Transaction logs are created
                    every hour.
                 
                    Next, both the transaction logs and the original database are copied to another
                    local server within the same secure location every night. If a machine were to break,
                    we could easily restore the data to another machine and be up and running within
                    a short period of time.
                 
                    Afterwards, the data is automatically transferred offsite to another location. In
                    the event of a fire, theft or major catastrophe where the machines or the secure
                    data center are lost, we could restore the data to machines in another location.
                 
                    Class A Data Center 
                    It is our belief that the only proper location for our servers is a data center.
                    We have all of our servers located in a Class A data center on Long Island, NY,
                    which ensures that they are in a safe, climate-controlled environment with reliable
                    redundant connections to the Internet and various forms of power failover devices. 
                    Our data center location is run by experts and offers us the following features: 
                    
                        
                        Hardware firewall device to deter and stop attackers before they reach our servers
                        A dedicated UPS (Uninterruptible Power Supply) as an immediate power backup solution
                        Natural gas generators sized to run a full load of all the data center's machines
                        indefinitely in case of major power outages (our servers were online during the
                        New England Blackout of 2003).
                        Redundant oversized HVAC systems to ensure the perfect temperature (72 degrees) and
                        humidity (45%) for servers
                        Security access points that require both security card badges and a security code
                        to restrict unauthorized access
                        Digital surveillance camera systems with 60 days of storage to record theft or malicious
                        damage
                        24/7/365 monitored intrusion detection system and a digital surveillance system
                        to protect the premises
                         
 
                    If you are worrying about the security and safety of your data, don't.
                 
                    When you enter sensitive data on your computer while visiting our site, it is sent
                    to our servers using SSL (a method for transferring encrypted data across the Internet).
                    Once your data arrives at one of our servers, we store your sensitive data in its
                    encrypted form in our databases.
                 
                    We download Microsoft operating system patches and update our antivirus definition
                    files daily. We own our own servers and we are the only ones with the passwords,
                    which are changed frequently. Your data is backed up daily to other local machines
                    and then offsite to another location. Our servers are located in a Class A data
                    center surrounded by climate control and a surveillance system, supported by redundant
                    connections to the Internet and multiple power failover devices. 
                    We work hard so that you do not have to worry. 
 
 |