Security at its Finest
We understand that security is of the utmost importance when handling patient data. With 20 years in the industry, we understand what it takes to back our solutions with the security you need – and that your patients expect.
Apex is PCI compliant, and we even offer payment solutions that can reduce our customers' PCI compliance scope and liability.
Point-to-Point Encrypted Payments (P2PE)
Apex's payment solution in myEasyView® provides the ability to use Apex's Point-of-Interaction device to key in financial data instead of the keyboard, removing the workstation from your PCI compliance scope.
EMV Payment Processing
On-site payment transactions that are applied through Apex's Point-of-Interaction device (card swipe) are processed through one of only a few gateway providers that are EMV ready.
All aspects of our business are structured with HIPAA compliance in mind. Apex has an internal HIPAA Compliance Officer and we conduct mandatory annual HIPAA training for all Apex employees. At Apex, compliance is not a point in time; it is ongoing and integrated within our daily activities. Apex provides flexible patient authentication options including support for:
- Single Sign On (SSO) login using pre-existing methods for patient authentication
- Unique security code plus personal identifiers (two-factor authentication)
- One time “Guest” payments without any authentication or account creation (PHI is not presented with this option)
- CAPTCHA security measures to block automated abuse
- Unauthenticated payment allowing patients to pay without logging in. In this case, patients provide the account number, payment amount, and credit card information, and are not shown any statements or PHI
Apex is committed to ensuring system security and availability for our clients.
- Annual SOC2 Type 2 audits and disaster recovery testing
- 99.9% System uptime/availability
- Encryption of all data at rest and during transit
- Highly segmented network infrastructure with state-of-the-art firewalls
- PGP/GPG encryption and FTPS, SFTP, and HTTPS file transfers
- Security audits and logging with on-demand reporting to ensure ongoing website, patient data, and internal support integrity
- Forced SSL encryption using 2048-bit RSA keys and SHA-256 signatures
- 3rd-party network security scans
- SSO authentication for secure and seamless integration
- Very flexible and user-configurable security model which lets our customers define their own organizational hierarchy and role assignment
- Strong password requirements with specific length and character requirements and a visual indication of password strength
- IP-based access restriction that specifies IPs or a subnet of IPs to limit access to a provider’s facility or facilities (optional)
- State-of-the-art Intrusion Prevention System for blocking brute-force attacks
- Automatic log-out after a defined inactivity time, configurable by customer
- Audit logs and on-demand reporting of system usage
Apex operates out of two state-of-the-art production, print, and mail facilities in St. Paul, MN and Green Bay, WI, located 250+ miles from each other. We also utilize separate Tier III data centers in Minneapolis, MN and Madison, WI, which are also 250+ miles from each other. In the event of a disaster or outage, Apex has the infrastructure and a documented Disaster Recovery plan to continue business at our unaffected facilities.
Please see the TLS 1.0 Notification.