Home About Security


CareConnections’ most important concern is the protection and reliability of customer data. Our servers are protected by high-end firewall systems, and scans are performed regularly to ensure that any vulnerabilities are quickly found and patched. All services have quick failover points and redundant hardware, with complete backups performed nightly.

Customer data is stored in a specific secure location; it does not float around in the “cloud.” In addition, all data is processed in that location and is not moved to another jurisdictional area.

CareConnections uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. Our services are hosted by trusted data centers that are independently audited using the industry standard SSAE-16 method. They also comply with PCI DSS, HIPAA, and NIST 800-53. We protect data on the physical servers using Bitlocker, an AES 128-bit encryption method.

CareConnections provides each User in your organization with a unique user name and password that must be entered each time a User logs on. CareConnections issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include either the username or password of the user. CareConnections does not use cookies to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs. Since our subscribers control their users and their data, it is important for the users to practice sound security practices by using strong account passwords and restricting access to their accounts to authorized people.