
Security

Studytrax runs in the cloud, so it will be available when you need it. Secure and compliant, Studytrax provides the peace of mind of knowing your clinical and research data are safe. Some of the advantages of running in the cloud include:

  • Up and running immediately

  • Fully HIPAA Compliant

  • Access your data from anywhere in the world

  • Eliminate the headache of dealing with IT departments

  • Always run the latest version of Studytrax without having to wait for IT staff to schedule an upgrade

  • Easily scale up to meet demand without the worry of acquiring the new hardware

  • Continuous monitoring of the Studytrax application to ensure user access whenever needed

Overview

For organizations that collect and manage Protected Health Information (PHI), data security is critical. There are many controls in place to ensure PHI is appropriately handled within Studytrax. To ensure that data is secure and reliably available, enterprise-class hosting facilities are utilized to power Studytrax. With all the precautions taken, customers can trust that their PHI is secure and protected.

Software Controls

Studytrax was designed from the ground up with data security in mind and contains numerous features that ensure data protection. Some of the most important features related to data security include:

  • SSL enforced access

  • Strong authentication

  • All passwords are individually salted and hashed

  • Account locking after 5 failed attempts

  • Inactive user session time out

  • Role-based security

  • User activity auditing
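The three account-level controls above (per-user salted password hashing, locking after 5 failed attempts, and inactive session timeout) fit together in a small authentication store. The following Python is an added illustration, not Studytrax code; the PBKDF2 parameters and the 15-minute idle limit are assumptions, since the page does not state them.

```python
import hashlib, hmac, os, time

MAX_FAILED_ATTEMPTS = 5         # page: account locks after 5 failed attempts
SESSION_IDLE_SECONDS = 15 * 60  # assumption: 15-minute inactivity timeout (page gives no value)
PBKDF2_ROUNDS = 200_000         # assumption: work factor for the password hash

def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is generated per user, so two
    accounts with the same password never share a hash."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

class AccountStore:
    def __init__(self):
        self.users = {}     # username -> {"salt", "hash", "failed", "locked"}
        self.sessions = {}  # token -> {"user", "last_seen"}

    def add_user(self, username, password):
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "hash": digest, "failed": 0, "locked": False}

    def login(self, username, password, now=None):
        """Return a session token on success, None on failure or locked account."""
        now = time.time() if now is None else now
        user = self.users.get(username)
        if user is None or user["locked"]:
            hash_password(password)  # hash anyway so timing does not reveal account state
            return None
        _, digest = hash_password(password, user["salt"])
        if not hmac.compare_digest(digest, user["hash"]):  # constant-time comparison
            user["failed"] += 1
            if user["failed"] >= MAX_FAILED_ATTEMPTS:
                user["locked"] = True  # stays locked until an administrator resets it
            return None
        user["failed"] = 0  # successful login clears the failure counter
        token = os.urandom(16).hex()
        self.sessions[token] = {"user": username, "last_seen": now}
        return token

    def touch(self, token, now):
        """Validate a session on each request; expire it after idle time is exceeded."""
        session = self.sessions.get(token)
        if session is None:
            return None
        if now - session["last_seen"] > SESSION_IDLE_SECONDS:
            del self.sessions[token]
            return None
        session["last_seen"] = now
        return session["user"]
```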


Process Controls

Process controls encompass policies and procedures to protect data across the organization. Some of the main process controls include:

  • Documented security policies and procedures

  • Security awareness training

  • Role-based access with strong authentication for all systems containing PHI

  • User activity auditing

  • Risk analysis and risk management

  • Incident reporting and tracking

  • Data redundancy/backup/disaster recovery strategy

  • Third party evaluation of the security program


Testing Environment

With any software application, it is critical to test changes that are made prior to updating the production system. Studytrax maintains a test environment where all new versions of the software must be tested prior to moving those changes into the Studytrax production environment.


Hosting Facilities

Studytrax runs in an enterprise-class data center owned and managed by Rackspace. Rackspace takes security very seriously, and this is critical for any system housing PHI. In addition to the standard security controls employed by Rackspace, a Business Associate Agreement (BAA) has been obtained for added assurance that HIPAA requirements are met.

Although many controls are employed within the Rackspace data center to protect the data (redundancy, backups, etc.), an offsite backup of the Studytrax data is performed every 15 minutes. All data are encrypted using AES-256 and then transferred to the Microsoft Azure data center over SSL.

In an effort to further protect the data in the event of a possible attack, a multi-tier strategy is used where the web servers and database servers are physically separated. In this configuration, the web servers are the only servers publicly accessible. The database servers are deployed on a private network in the data center with a firewall sitting between the web servers and the database servers. This minimizes the potential damage that can be done in the event one of the web servers is compromised. The servers are also protected by intrusion detection and log monitoring tools.

Additionally, the database resides on a fully encrypted drive deployed in a RAID 5 configuration. With this configuration, recovery of data from a physical disk is virtually impossible as it is encrypted and striped across multiple disks. In the event that any disk is ever retired or fails, Rackspace will physically destroy the drive as an added precaution.

The following diagram shows how this topology looks.

[Diagram: NetworkArchitecture.png]