Introduction
This Security Policy outlines the measures implemented by Ophy Care, Inc. (“Ophy Care,” “we,” “us,” or “our”) to safeguard personal and protected health information in connection with the use of the Ophy Care, Inc. website and all web-based services (collectively, the “Service”). As a provider of digital health solutions, Ophy Care is committed to maintaining the security and privacy of user data.
Unique Identification of Users
To comply with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and provide a secure service, Ophy Care, Inc. requires all users to have a unique username. A valid email address is used as the username for the Ophy Care, Inc. Service. Each user account must also be protected by a password of sufficient complexity. Customers can set their own password complexity policy, and if a user account has access to multiple Ophy Care, Inc. customers, the more restrictive policy will be enforced.
Account Security
All Ophy Care, Inc. Service sign-ins are protected by account lock-out systems. If a user incorrectly authenticates multiple times or the user’s account is locked by a system administrator, the account will remain locked until a system administrator unlocks it. Ophy Care, Inc.’s support team is not authorized to unlock user accounts unless the account is the system administrator account.
Security on the Ophy Care, Inc. Website
Ophy Care, Inc. Service users may sign into their accounts at the Ophy Care, Inc. website to access downloads or account status. These sign-ins are protected by SSL security. When using a secure SSL connection, your browser will usually display an indicator, such as a “lock” icon.
Security in the Ophy Care, Inc. Service
The Ophy Care, Inc. Service communicates with secure Ophy Care, Inc. hosted and controlled servers and networks. All communications are secured with public-key encryption, and the use of low cipher strength is disallowed in our production service. Ophy Care, Inc. employs redundant, next-generation firewalls, intrusion detection, and prevention services monitored 24X7X365 to protect customer data. We use a PCI Approved Scanning Vendor (ASV), internal and external threat prevention, and advanced threat protection services to identify, block, and track malicious requests and potential security threats.
Role-Based Security
Every user in the Ophy Care, Inc. Service is assigned to one or more roles, each defined by the customer and granted a set of permissions. Ophy Care, Inc. roles follow an allow-then-deny pattern, combining multiple role permissions and filtering them against any role’s restrictions.
Application Locking
In compliance with HIPAA policies, Ophy Care, Inc.’s Service will automatically lock if left unattended for a period of time. Correct credentials must be provided before using the application again.
Ophy Care, Inc. Password Policy
Ophy Care, Inc. system passwords are designed to protect sensitive patient medical and financial records, as well as practice financial information. Passwords should be at least seven characters long and maintain a level of complexity to deter guessing or cracking attempts. Users may change their passwords within the application or the Ophy Care, Inc. website. Passwords changed by third-parties will immediately expire to ensure users create a password known only to them. Ophy Care, Inc. never stores passwords in permanent storage in a reversible format and never displays passwords in plain-text.
Changes to This Security Policy
Ophy Care, Inc. reserves the right to update this policy at any time for any reason. In the event of significant changes to how we handle security, we will make a reasonable commercial effort to send a notice to the contact email address specified in your company’s Ophy Care, Inc. account or display a prominent notice on our site.
Questions?
If you have any questions, suggestions, or need assistance, please contact us at:
Ophy Care, Inc.
9013 204th Street
Hollis, NY 11423
Email: support@ophycare.com
Phone: (646) 954 7697
Last Updated: July 04, 2023