What Security Measures are Taken with Atlas.md?
Atlas.md takes every precaution to make sure the information in your account remains secure and private – just the way it should be. As one of the primary focus points inside the application, we take several measures to handle security related issues. Here’s a glimpse into some of the ways your data is protected:
- Every single connection made inside Atlas.md is handled through encrypted HTTPS. This means no data leaves the server un-encrypted, even when the information is going to the final user or when it’s in transit to any of the many APIs we connect to.
- The most sensitive data is encrypted in our database as well.
- The files that you upload to Atlas.md are stored in the Amazon Web Services cloud, the biggest and most advanced cloud platform on the planet. We encrypt the contents of files and we randomize the names of the patient-related files you upload to Atlas.md, which means even if someone physically stole hard drives from the Amazon datacenter, they still wouldn’t be able to figure out the names of the files. Additionally, and most importantly, contents are totally unreadable in these extreme events. AWS is HIPAA compliant, as you can read from their compliance page.
- Forced timeouts option: Atlas.md offers the option to enable a “forced timeout” feature. This feature automatically logs users out of the software after 30 minutes of inactivity. This reduces the possibility of data leakage from computers left unattended at the office. You can enable this by clicking on Account > Security.
- Two-step password reset: Atlas.md requires verification before your password can be reset, which helps prove a human is attempting the reset.
- Password reset reminders: we remind all our users to update their passwords every month through a reminder email, reducing the risk of passwords stolen elsewhere, affecting your data on Atlas.md.
- Automatic log-out with password reset: When you update your password, you’re automatically logged out of the app on any other devices you were logged into.
- Brute-force login preventive measures are taken to avoid people from trying to guess passwords. There are a couple ways we implement this:
- (1) Atlas.md blocks access to IP address with suspicious activity.
- (2) Atlas.md shows a recaptcha to ensure a human is actually using the login window anytime the system sees suspicious activity in the account. Spam bots aren’t able to pass these security measures.
- Billing information security: Atlas.md never, under any circumstance, stores credit card or bank information on its servers. In fact, that information never even makes it to Atlas.md servers; it’s transmitted directly from the user’s Web Browser to our payment solutions provider. Our payment processor is a leading provider for safe payment solutions and they’re fully PCI Level 1 compliant.
If you have specific questions about the way your Atlas.md information is being protected, please email us at firstname.lastname@example.org. We’re happy to talk more about it!