Security

Security

 

The Visions Foundation was originally developed to track clinical trials data (Medical information) and child welfare records, which meant integrated and tight security, as well as a tamper-resistant data design. This technology was adapted to the current platform that resides on a web server.

GVT Visions Server securityThe Visions Server utilizes a multi-dimensional security model that is extremely flexible. Users are assigned to groups that define functional duties, including levels of access for each form in the system. Users are also assigned to logical “organizations” that define access roles for individual cases. This is a hierarchical structure that the Visions Server automatically maintains to ensure users can only access cases they are allowed to.

  
HIPAA Compliance
 

In addition, GVT maintains both in house staff and external relationships to enable HIPAA compliance regarding security. The Visions Server automatically tracks all changes with full audit records for each form.  It automatically tracks all accesses to data as required by HIPAA guidelines. Finally, individual field level encryption, done at the platform level, ensures confidentiality of the most sensitive data, especially critical on forms, for example, that do AIDS tracking.

From a web security standpoint, the architecture uses https protocol (built into IIS) and also separation of the data servers from the web servers. This means all data access from browsers must go through the application platform, effectively disconnecting your data server directly from the Internet.

 

Server Connectivity
  

GVT’s Vision Servers are designed to communicate with each other if necessary. The architecture also allows for a central “shared” data repository from disparate systems. This repository is generally designed to capture data that can be shared between agencies, such as a county agency sharing data with a state agency.

Connectivity is via secured access methods and standard internet protocols. It is done at the application platform level to ensure maximum security and accommodate systems with different DBMS.