Security Policy

Medaflo, LLC ("Medaflo") acts as a trusted confidential application service provider dedicated to providing a secure Internet and mobile service.

Medaflo employs a high degree of security consciousness. One of Medaflo's priorities is to make reasonable efforts to ensure data security and be fully compliant with all HIPAA regulations. Access, integrity, availability, ownership, authorization, dependability, authentication, and confidentiality are all major considerations within the Medaflo Security Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us.

Medaflo upholds its stringent Security Policy with the following security measures:

1. Role-Based Usage

Medaflo grants varying degrees of access to users with different levels of authority within a provider practice.

2. Encryption

All communication between you and the Medaflo server is secured by using SSL AES 256-bit encryption. This is the highest level of encryption currently available commercially.

3. Data Security

Medaflo takes measures to secure your data on our servers. The data centers we use are both physically and electronically secured. Our servers are isolated from the Internet by using a firewall which is a hardware and software system that blocks access by unauthorized parties.

4. Confidentiality

Medaflo has internal policies that keep your data private and confidential. We will not share your data with any third party except as described in our Privacy Policy. Your data is your data only.

5. Login ID and Password

Access to your account is controlled by a login ID and a password, which you chose. Strict login ID and password rules help prevent unauthorized users from gaining access to data. We do NOT store a plain text version of your password. Your password is stored using a one-way hash key and verified using the same one-way hash every time you login, which means no one at Medaflo knows what password you have chosen. If you ever forget your password, we force you to choose a new one using an email verification check.

6. Auto-Logoff

Medaflo protects you against accidentally leaving your account active on a computer browser screen. The Medaflo service ends your "session" if you are logged into Medaflo but have not actively used the service for a set period of time. This prevents others from accessing your account when you leave a session and forget to log out.

7. Digital Certificates

Medaflo uses a digital certificate issued by Let's Encrypt, a leading Secure Server Certification Authority. This gives you the confidence that you are connected to a site or application operated by Medaflo, and authenticated as such.

8. Sensitive Information

Medaflo handles all your health information with respect to its confidentiality and privacy. We ask that you follow your provider's policy on communicating sensitive information in their practice.

9. Data Integrity

Medaflo employs products and technology to help ensure data is available and access to the site continues without interruption.

10. Storage and Maintenance of Information

For more information regarding the storage and maintenance of information, please contact us.

11. Firewall

We take reasonable measures to secure your data on our servers, which are located in data centers that are both physically and electronically secured. Our servers are protected behind the Internet by using a firewall system that blocks access by unauthorized parties.

12. What can I do to protect my Privacy?

In order to protect your privacy while using Medaflo, you can:

Last updated: April 15, 2021