Firewall Security Policy
Purpose
To enhance the security of our hosted Electronic Health Record (EHR) system and protect sensitive patient data, ClinicTracker has implemented firewall restrictions that limit system access from geographic locations outside the United States. This policy outlines the access restrictions and the process for requesting exceptions.
Access Restrictions
As part of our commitment to safeguarding protected health information (PHI), access to ClinicTracker is restricted to users with IP addresses originating from “Approved Regions”. This geolocation-based restriction is enforced through a firewall configuration that filters incoming connections to the system. These measures ensure compliance with data security standards and reduce the risk of unauthorized access from high-risk regions.
Exceptions for Users Outside the Approved Regions
ClinicTracker recognizes that some authorized users may need to access the EHR system from locations outside the Approved Regions due to legitimate business or clinical needs. Exceptions to the geographic access restrictions will only be considered for users located at permanent facilities (e.g., office building or home-office) with a static IP address. Exceptions will be evaluated on a case-by-case basis.
Individual users (e.g., remote workers or those traveling) outside the Approved Regions who have a dynamic IP address will not be granted exceptions. Instead, these users must use a Virtual Private Network (VPN) or a similar solution to connect to ClinicTracker from an IP address that originates within the Approved Regions, so that their connection satisfies the geographic restriction.
Exception Request Process for Permanent Locations
- Submission: Users at permanent locations with static IP addresses requiring access from outside the Approved Regions must submit a written request by completing the form on this page.
- Review: The ClinicTracker Security Team will evaluate the request based on security risks, business needs, compliance requirements, and verification of the static IP address.
- Approval/Denial: The requester will be notified of the decision within 2 business days. If approved, access will be granted to the specific IP for the specified duration, subject to any additional security measures.
- Monitoring: Approved exceptions will be monitored to ensure compliance with security protocols.
VPN Requirement for Individual Users
Individual users outside the Approved Regions must use a VPN or similar solution to connect to ClinicTracker. The VPN will route the user’s connection through an IP address in the Approved Regions, ensuring compliance with the firewall restrictions. Users should work with their IT Security Teams for guidance on setting up such a solution.