Security
Key Information on EasyRx Security
Security Practices
Each practice and lab using EasyRx expect their data to be secure, confidential, and private. We understand how important this is to our customers and work vigorously to ensure all three expectations are met. Please review the information below regarding our current policies and practices, along with our Privacy Policy and Terms of Service.
Security
The security of your information is vital in our success as a business. Below are some details on our security practices. EasyRx requires all traffic to be encrypted in both directions, uses 128-bit AES, supports TLS 1.2 for all transactions, and uses the DHE_RSA key exchange algorithm.
Additionally, we proactively monitor the security community’s findings and work promptly to upgrade the service to respond to new vulnerabilities as they are discovered.
Payment Data Security
EasyRx utilizes Stripe, a third-party card processing solution to integrate our billing and invoicing capabilities. Stripe is PCI-DSS compliant and is also certified to PCI Service Provider Level 1, the most stringent level of certification available. Read more about Stripe’s Privacy Policy here. To further protect our client’s payment information, EasyRx does not accept payment information over the phone or by email. If you need to update your current payment information in your EasyRx account, please read this guide in our Support library.
External Security Audits
We contract with credible, external security firms who perform regular audits of EasyRx to verify that our security practices are sound and to monitor the service in light of new vulnerabilities discovered by the security research community. Our site is also monitored and certified by the globally recognized McAfee SECURE service to ensure a safe browsing environment.
Internal Security Audits
Our development team regularly analyzes the EasyRx domain as well as login portal behaviors to proactively address any potential threats. We track an extensive audit log to view: Failed and successful logins, password reset requests, edited and deleted invoices, edited and deleted prescriptions, and downloaded content. All logs contain IP, email, and login data. This information is kept confidential and is only shared with the proper entities when warranted.
Secure Physical Location
The EasyRx platform is hosted on Amazon Web Services: An ultra-reliable and secure managed cloud hosting platform. You can learn more about Amazon Web Services at their site: https://aws.amazon.com
Availability
We understand that you rely on EasyRx to work. We’re committed to making EasyRx a highly-available, ultra-reliable service that you can always count on. We build systems that tolerate the failure of individual computers or whole data centers, keeping many copies of your data online for redundancy, practice disaster-recovery measures often, and always have staff on-call to quickly resolve unexpected incidents.
Cybersecurity
We take security and HIPAA compliance very seriously at EasyRx. We have engaged Black Talon Security to implement an intensive cyber security and HIPAA compliance program of our systems. Black Talon is the leader in cybersecurity solutions and HIPAA compliance in the dental and dental specialty market. They have years of experience and knowledge in cybersecurity, HIPAA and the dental industry. We felt like they were the absolute best choice to implement an intensive review and audit of our systems.
