Security Notice
How We Protect Your Data on Our Web-based Software Services
What This Security Notice Covers
This security notice pertains to the security measures in place at Guardian Medical Direction for protection of personal and protected health information in connection with the use of the Guardian Medical Direction web site, and the GuardianMD (core oversight), GuardianMD Connect (telemedicine) GuardianEngage (client relationship and marketing management) web-based services (collectively, Service).
Unique identification of users
To comply with the HIPAA requirements and to provide a secure service, Guardian Medical Direction requires all users to have a unique username. Guardian Medical Direction currently requires a valid email address to be associated to the username for the Guardian Medical Direction Service.
In addition to a username, every user account must be protected with a password of sufficient complexity. If your user account has access to multiple Guardian Medical Direction customers, you will be required to use the more restrictive policy.
All Guardian Medical Direction Service sign-ins are protected by account lock-out systems. If a user incorrectly authenticates a number of times or the user’s account is locked by a system administrator, their user account will be locked until a system administrator of the user‘s account unlocks it. Guardian Medical Direction’s support team is prohibited from unlocking user accounts unless the account is the system administrator account.
Security on the Guardian Medical Direction website
Guardian Medical Direction Service users may choose to sign into their account at the Guardian Medical Direction web site in order to access the downloads or account status. Such sign-ins are protected by SSL security. Your browser will usually display an indicator (such as a “lock” icon) when using a secure SSL connection.
Security in the Guardian Medical Direction service
The Guardian Medical Direction Service communicates with secure Guardian Medical Direction hosted and controlled servers and networks. All communications are secured with public-key encryption. Guardian Medical Direction disallows the use of low cipher strength in our production service.
Guardian Medical Direction helps to ensure physical and technical security protections of customer data, as it uses servers located in SOC 2 type 2 certified hosting providers.
Guardian Medical Direction deploys up to date advanced threat protection services which help to identify, block, and track hacking attempts, scans, data breaches, adware, malware, spyware, Trojans, phishing attempts and other equally malicious requests.
Role-based security
Every user in the Guardian Medical Direction Service belongs to one or more roles. A role is defined by each customer and is assigned a set of permissions. Guardian Medical Direction roles follow an allow-then-deny pattern of applying permissions — such that multiple role permissions are combined, and then filtered against any role’s restrictions.
Application locking
In accordance with HIPAA policies, Guardian Medical Direction’s Service will automatically lock up if left unattended for a period of time. Correct credentials of the user will need to be provided prior to using the application again.
Guardian Medical Direction password policy
Guardian Medical Direction system passwords are meant to help protect sensitive patient medical and financial records, as well as practice financial information. They serve as a deterrent to malicious agents as well as protection against casual or accidental lowering of security through carelessness.
The passwords are encouraged to be at least (8) eight characters long and have to maintain a level of complexity such that they will not be easily guessed or cracked by a determined attacker.
A user may change their password at any point in the application or the Guardian Medical Direction web site. Passwords changed by third-parties will immediately expire to allow users to log in but also to ensure that they immediately change their passwords to something that only they know.
Guardian Medical Direction will never store any passwords in permanent storage in a way that is reversible. The Guardian Medical Direction Service will never show the password in plain-text, human-readable form.
Changes to this security policy
Guardian Medical Direction may update this policy at any time for any reason. If there are any significant changes to how we handle security we will make a reasonable commercial effort to send a notice to the contact email address specified in your company’s Guardian Medical Direction account or by placing a prominent notice on our site.
Questions?
If you have questions or suggestions, you can contact us at:
Guardian Medical Direction Security Administrator
29488 Woodward Avenue, Suite #193
Royal Oak, MI 48073
security@guardianmedicaldirection.com
To report a security violation, please call us at (877) 340-1697.
Last updated on May 15, 2023