At Surgical Notes we have implemented the following measures to ensure that we meet or exceed the measures required by HIPAA to secure the privacy of the sensitive data that is inherent to our business.

Password Aging and Complexity Policy

PC Usage Policy for all Surgical Notes employees

Encryption Policies for all transmission of patient data

VPN Policy

180 day Data Retention Policy

Disaster Recovery Plan

Employee HIPAA awareness training

Dedicated security officer to stay abreast of and constantly evaluate our business practices as they relate to HIPAA compliance




All Business critical systems co-located with Internap, providing best in class in terms of speed, redundancy and security

Bio-metric access control systems to the Internap facility




Security Audit performed monthly by Maximum Network Security

Checkpoint Firewall securing the perimeter of the Surgical Notes public and private networks

3DES, IKE/IPSEC2 encryption, VPN and SSL 128 bit secure, web enabled portal

Separate internal LAN and DMZ networks

Server auditing

Unique username/password required for all data access

RAID 5 disk configuration of all business critical systems

Redundant data storage solutions