Realizing the importance of data privacy and security, PaySpan has developed a rigid and complete infrastructure designed to provide extensive security and control over payment and remittance information. Following are key attributes of the Security Network Architecture:
The Security Network is designed with a multi-tiered architecture. Advanced firewalls are deployed at multiple layers for real-time protection of communications.
Application layer protection. Application layering provides comprehensive, proactive protection against both generalized and targeted attacks against the PaySpan Health website. The design also protects against loss or theft of information from the website.
Database Services are clustered. The clustering allows for real time fault tolerance between database servers for improved availability of resources. Database servers act as hot standby's for each other.
Database separation allows for granular security controls on each database. Databases for transactions and data archives have been separated to optimize controls for each.
Only secure protocol methods (IPSec / SSL / SSH) of access are allowed. This approach protects against eavesdropping and unauthorized access to sensitive information.
Routine vulnerability scans are performed on the PaySpan Health application. Thorough, ongoing testing of PaySpan Health provides information on any potential weaknesses of the application. Also, independent third party assessments are routinely conducted by customers and major institutional partners.
PaySpan Health Security and Controls
- Data Security - Ensuring the security of data is central to the design of the Security Network reviewed in this document.
- Physical Security - Proximity card readers are used throughout Production Centers to control access to each area based on job function. Cameras monitor and record all activity at all hours.
- Account Management - Support Center staff track all jobs and ensure that all transactions are processed accurately and efficiently.
- Quality Assurance Procedures - The Quality Control function ensures that electronic transactions match standards approved by clients and that printed documents meet banking and postal standards.
- HIPAA Competence - PaySpan is committed to the requirements set forth in the HIPAA Privacy and Security Standards for the secure transmission, use and management of protected health information. PaySpan follows processes to ensure that both the ERA and EFT components of the mandated ANSI 835 transaction set are certified by Claredi.
- SAS 70 Type II Audit - PaySpan has been issued a SAS 70 Type II Report as of October 31, 2008. This report provides PaySpan customers and their independent auditors information that may assist them in evaluating the internal controls of the PaySpan Services.