Security

Key Information on EasyRx Security

Security Practices

Each practice and lab using EasyRx expect their data to be secure, confidential, and private. We understand how important this is to our customers and work vigorously to ensure all three expectations are met. Please review the information below regarding our current policies and practices, along with our Privacy Policy and Terms of Service.

Security

The security of your information is vital in our success as a business. Below are some details on our security practices. EasyRx requires all traffic to be encrypted in both directions, uses 128-bit AES, supports TLS 1.2 for all transactions, and uses the DHE_RSA key exchange algorithm.

Additionally, we proactively monitor the security community’s findings and work promptly to upgrade the service to respond to new vulnerabilities as they are discovered.

Payment Data Security

EasyRx utilizes Stripe, a third-party card processing solution to integrate our billing and invoicing capabilities. Stripe is PCI-DSS compliant and is also certified to PCI Service Provider Level 1, the most stringent level of certification available. Read more about Stripe’s Privacy Policy here. To further protect our client’s payment information, EasyRx does not accept payment information over the phone or by email. If you need to update your current payment information in your EasyRx account, please read this guide in our Support library.

External Security Audits

We contract with credible, external security firms who perform regular audits of EasyRx to verify that our security practices are sound and to monitor the service in light of new vulnerabilities discovered by the security research community. Our site is also monitored and certified by the globally recognized McAfee SECURE service to ensure a safe browsing environment.

Internal Security Audits

Our development team regularly analyzes the EasyRx domain as well as login portal behaviors to proactively address any potential threats. We track an extensive audit log to view: Failed and successful logins, password reset requests, edited and deleted invoices, edited and deleted prescriptions, and downloaded content. All logs contain IP, email, and login data. This information is kept confidential and is only shared with the proper entities when warranted.

Secure Physical Location

The EasyRx platform is hosted on Amazon Web Services: An ultra-reliable and secure managed cloud hosting platform. You can learn more about Amazon Web Services at their site: https://aws.amazon.com

Availability

We understand that you rely on EasyRx to work. We’re committed to making EasyRx a highly-available, ultra-reliable service that you can always count on. We build systems that tolerate the failure of individual computers or whole data centers, keeping many copies of your data online for redundancy, practice disaster-recovery measures often, and always have staff on-call to quickly resolve unexpected incidents.

Cybersecurity

We take security and HIPAA compliance very seriously at EasyRx. We have engaged Black Talon Security to implement an intensive cyber security and HIPAA compliance program of our systems. Black Talon is the leader in cybersecurity solutions and HIPAA compliance in the dental and dental specialty market. They have years of experience and knowledge in cybersecurity, HIPAA and the dental industry. We felt like they were the absolute best choice to implement an intensive review and audit of our systems.