It is Assumed that all data supplied to U-Scribe is
Compliant with The Data Protection Act 1998 (The DPA
1998).
U-scribe acts as a Data Controller and a Data Processor
as defined by The DPA 1998
SECURITY IN TRANSIT
All data is encrypted on point-to-point basis using
128-bit SSL or 156-bit triple DES.
U-Scribe has the following general security measures
in place:
Telephone Access:
- Unique user identification.
- Customised IDs at the user's discretion.
- Logged and verified ID modifications
Internet Access:
- Unique user names and passwords.
- Access privileges associated with user name.
- Virtual company membership associated with each
user name.
Transmission of digital voice & data files:
- Web based encryption with 128-bit cypher strength
SSL v3.0
- Point to point 156-bit triple DES.
DATA PROTECTION
U-Scribe is registered with the Information Commissioner
and complies with its requirements for the handling
of patient specific data.
SECURITY
There are three main areas that must be monitored by
the Data Controller
PHYSICAL SECURITY
All the terminals or microcomputers are in a room that
is kept locked.
All the screens are clean of any previous data when
not in use.
All transcriptionists are logged off and their machines
are switched off when not in use?
Back up disks are created out frequently and stored
in another place.
Access to the equipment and disks are restricted to
authorized personnel only.
SOFTWARE SECURITY
There are several levels of access? (ie several passwords
for key staff)
The system is continuously monitored for any third party
attempts to breach security frequently?
All data transmitted via the Internet is done so via
SSL secure means
OPERATIONAL SECURITY
There is a list prominently displayed, listing authorized
Data Controllers and Staff Authorized as Data Processors.
All U-Scribe employees and all sub contracted personnel
must have read and understood the provisions of The
DPA1998.
|
