# How secure is Solismed? Views: 4677
1 System AdminPosted: 10/01/2017 10:36 AM

1. Solismed meets HIPAA security and privacy requirements on the software side. The following criteria are covered:
* Unique user identification
* Automatic logoff
* Encryption / decryption of patient demographics
* Access authorization
* Login monitoring
* Password management

2. The system is self-certified according to The 2015 Edition Health IT Certification Criteria (2015 Edition) and meets the following privacy and security criteria:
§ 170.315(d)(1) Authentication, access control, authorization
§ 170.315(d)(2) Auditable events and tamper-resistance
§ 170.315(d)(3) Audit report(s)
§ 170.315(d)(4) Amendments
§ 170.315(d)(5) Automatic access time-out
§ 170.315(d)(6) Emergency access
§ 170.315(d)(7) End-user device encryption 
§ 170.315(d)(8) Integrity
§ 170.315(d)(9) Trusted connection
§ 170.315(d)(10) Auditing actions on health information
§ 170.315(d)(11) Accounting of disclosures 

3. Encryption of data is done using Advanced Encryption Standard (Rijndael). A SSL certificate can be implemented to secure data access.

4. The system is protected from Cross-site Scripting (XSS) attacks and SQL injections using the following tools:
* htmLawed (www.bioinformatics.org/phplabware/internal_utilities/htmLawed/)
* MeekroDB (www.meekro.com)

5. File upload is limited to the following types: doc, docx, xls, xlsx, pdf, png, jpg, gif, zip, zipx.

6. Additional security measures include custom codes written to protect the URL and menu links from unauthorized access.