Are Purview Solutions Secure?
Purview’s solutions offer clients the possibility of accessing critical medical information remotely, from anywhere with an internet connection, at any time. The cloud-based solutions, Purview Image, and Expert View can be implemented in practices to store and manage both patient studies and patient cases, respectively. Because of the sensitive nature of the protected health information (or PHI) shared and stored in Purview solutions, we have implemented multiple safety and security measures to keep you and your patients safe.
How is ‘safe and secure’ defined?
- Manages personal information
- Notifies parties when there is a suspected breach of that privacy
- Enables individuals to choose whether their personal information is retained by us
- Enables access and the correction of such individual’s personal information which we store
- States our accountability for breaches of such privacy when you use its services (the “Services”), including information provided when you use Purview.net
This policy applies to the data collected and stored by Purview in providing its services.
Where does Purview security start?
Purview software security starts with access control systems installed within the solutions. These systems ensure that every user has to create an individual account in order to access the cloud. These accounts require the creation of a username and password matched with an email address. Once an account is created, Purview limits failed log-in attempts to three before the account is automatically blocked and the Purview support team has to manually unblock it by a verified user on the account.
Once user profiles are created, the Account Administrators can manage account traffic via the ‘activity logs’ which track any activity happening within the system, including who logged in, the studies they accessed, and even the functionalities they used.
For organizations that need it, the Purview team can implement a two-factor authentication process for added protection. A two-factor authentication system ensures the account is secure beyond the user ID and password, requiring an additional form of identification in order to access the cloud. We can use a combination of cross-verification processes for identification.
Uploading Securely to the Cloud
The Purview uploader is designed to receive studies securely. Purview supports 2 main secure paths for medical studies and cases to enter into our data centers.
To ensure the security of PHI, Purview can establish virtual private network (VPN) connections to upload images to the cloud PACS. VPN’s essentially create a private ‘tunnel’ that can securely upload the images to the cloud without exposing them to public network threats.
From our Security and Compliance document:
“VPN/IPSEC Encryption: Medical imaging studies that are transmitted to and from our data center can be sent over a secure encrypted VPN/IPSEC connection. IPSec is a framework for a set of protocols for security at the network or packet processing layer of network communication.”
II. ViVA 360
We also offer our secure application: ViVA 360, which is primarily used for handling patient data. It provides secure transmission to the cloud without the need for a VPN connection. The Purview ViVA 360 Agent will send images over a secure protocol (SFTP, SSH).
From our security and compliance document:
"Communications with our portal are secured with encrypted SSL/TLS connection. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients. Purview leverages SSL/TLS connections that are at least 2048-bit encrypted. Medical imaging studies that are transmitted to and from our data center can be sent over a secure encrypted VPN/IPSEC connection. IPSec is a framework for a set of protocols for security at the network or packet processing layer of network communication."
Purview also provides clients the option to securely share studies with anyone who needs access to them. Purview solutions support two different methods of secure sharing:
- You can enter the recipient emails from within the platform and send them directly
- You can copy a safe, shareable link and paste it on an email, WhatsApp, Messenger, or any preferred method
For added safety, institutions can choose to set an expiration date on the links (48 hours or 1 week), require the recipients to enter the patient's last name and DOB to access, and restrict whether or not the receiving party can download the images onto their computer.
To learn more about Purview’s safety and security measures, feel free to read through the Purview Privacy, Security, and Compliance Overview document. The document is updated annually to reflect any changes in regulations and will hold all the information required to make an educated decision on the most secure cloud for your practice.