Security and Privacy Policies

Introduction

Maintaining the privacy and security of medical records is an essential duty, and one that is mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The HIPAA Privacy Rule requires covered entities (health plans, healthcare clearinghouses, and healthcare providers) to make reasonable efforts to limit the use or disclosure of, and requests for, protected health information (PHI) to the minimum necessary to accomplish the intended purposes. Authorized uses of PHI are limited to those related to treatment, payment, and healthcare operations (TPO). The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act) has extended the Covered Entity requirements for security and privacy, including penalties and enforcement, to Business Associates.

Datatray Commitment

Datatray is committed to ensuring that all necessary policies, procedures, and safeguards are in place at all times to comply with HIPAA Privacy and Security Rule requirements in the handling of protected health information in all areas of the company and with any business associates or subcontractors that are permitted access to PHI.

Safeguards

HIPAA Security Safeguards fall into the following three categories:

Administrative – including policies and procedures for ensuring security compliance.

Technical – showing how the policies and procedures are implemented using technology controls such as authentication and audit trails.

Physical – showing how the policies and procedures are implemented using physical controls such as firewalls, redundant computer servers, and biometric access entry to the data center.

Business Practices

You may not use the GS PLUGINS products for any illegal or unauthorized purpose, nor may you, in the use of the Service, violate any laws in your jurisdiction (including but not limited to copyright laws) or the laws of the European Union and international law. In particular, it is prohibited to use our templates for pages that promote violence, terrorism, hard pornography, racism, vulgar content or links to warez software.

You agree not to reproduce, duplicate, copy, sell, resell or exploit any portion of the Service, use of the Service, or access to the Service without the express written permission of GS PLUGINS. You may not redistribute or release an General Public License (GPL).

We reserve the right to block your membership account immediately if we become aware of any such prohibited behavior.

If you create an account on the GS PLUGINS website, you are responsible for maintaining the security of your account, and you are fully responsible for all activities that occur under the account and any other actions taken in connection with the account. You must immediately notify GS PLUGINS of any unauthorized uses of your account or any other breaches of security.

Workflow and Application Security:

The MxTranscribe product includes the use of handheld digital recorders for voice capture. These voice files are electronically transmitted directly to Datatray data center servers from customer sites using the proprietary MxTranscribe desktop application running on local PCs. The MxTranscribe application requires password-protected authentication before any transmission of files to or from Datatray servers. The proprietary MxTranscribe desktop application applies 128-bit encryption to all files before any file transmission via the public Internet to the Datatray data center servers. All use of the MxTranscribe or DatatrayMail web applications is forced to occur using the HTTPS protocol (SSL – secure socket layer) with 128-bit encryption strength. Attempts to access the application without SSL are redirected. (Read about SSL at http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Voice files are transmitted from Datatray data center servers to production work centers via 128-bit SSL-secured web applications.

Page 3 of 4 2010 Sales & Marketing Plan Company Confidential 1/22/2010

During the processing of voice files into completed transcribed documents, only medical transcriptionists (MT) and quality control (QC) personnel can access files. Processes are in place to prevent unauthorized electronic transmission of these records to other parties. For example:

(1) Access to the production floor is strictly limited to authorized personnel.
(2) User authentication via unique user logins and passwords is required to access any file containing PHI.
(3) Audit trails identifying all users who have accessed or edited PHI are maintained.
(4) All floppy disk drives and USB ports are disabled to prevent copying of files to unauthorized media.
(5) Internet access is limited and monitored.
(6) The production process is operated in a paperless environment, and network printer access is limited.
(7) All printed materials are shredded after their useful life, typically less than 24 hours.
(8) All files containing PHI are removed from production floor PCs and servers after successful transmission to the Datatray data center servers.

Completed transcribed documents are returned to Datatray servers from transcription worksites using the 128-bit SSL encrypted protocol. Customers retrieve completed files using the proprietary MxTranscribe desktop application.

Data Center Physical & Electronic Security:

This category includes safeguards to protect physical computer systems and related buildings and equipment from intrusion and fire, and other environmental hazards. The use of locks, keys, and administrative measures to control access to computer servers and facilities is also included.

Datatray servers and databases are housed in state-of-the-art tier-one data centers with geographic redundancy. The data center is SAS 70 approved. The data center facilities provide a secure, climate-controlled environment that is operational 24 hours a day, 7 days a week, and 365 days a year. The data center is physically secured and requires special biometric access (iris scans) to enter. Logs of all entry and exit from the facility are automatically maintained. Security personnel man the front desk 24/7/365. The data center facilities are equipped with climate control systems, fire detection and suppression systems, and backup UPS and generators.

All Datatray servers and databases are located on a secured internal network protected by Cisco Secure PIX Hardware Firewalls. Datatray uses Microsoft SQL Server 2000 databases and implements the SQL Server Security Model. In summary, this model addresses security at multiple layers, including securing access to the server, securing access to the database, securing access to database objects, and securing access through application roles.

Access to the MxTranscribe system is limited to registered users. Users must provide their username and password to gain entry. A complete access audit trail is maintained, including user-session information. All database transactions are logged.