Not only must PHI be secure from unauthorized access, but that information plus related data - tests performed, results, etc. - needs to be saved in such a way that it isn't subject to being lost or accidentally deleted and unrecoverable. This also applies to user activity and information, in fact, all data retained in the system, for as long as policy requires they be stored.
[Template fetch failed for https://www.limspec.com/index.php/Template:Specification_POL_S0050_Data_Retention?action=render: HTTP 500]Data Storage and Retrieval
Archiving is performed automatically by the system when tests for the samples are completed, on a transactional basis rather than set frequency. These functions continue without the need for downtime. If changes become necessary subsequently, the system's audit trail is engaged so that records may be accessed for editing.
Any data, including archived historical data, may be accessed in the LIS for the purposes of reporting, whether in a quick ad hoc report according to multiple filter criteria or for more formal or regulated reporting purposes. The archived data, however, are stored so as to be optimally accessible for reporting and trend analysis.
- All sites are secured through HTTPS which is SSL Encrypted
- Customers have their own individual secure databases that are not shared
- All hosting servers are protected with the latest Antivirus and Anti-Malware protection
- The complete system is backed up in near real time (every two hours) and we keep 10 days rolling backup and offsite backup in a second secure data center
- The data centers we are located in are SSAE 16 (previously SAS 70) tier 4, and audited to SOC 2 standard.
Additionally, our data centers have multi-level physical security, including razor wire-topped brick wall around the entire premises, patrolling armed guards, biometric security, mag card security, combination lock security and caged servers, with 10” thick cement ceilings, independent water tanks for cooling, backup generators, redundant systems throughout and smart building monitoring, offering 100% uptime and meeting TIA-942 ANS standard.
LabLynx has many clients with sensitive data, including pharma, county medical examiners offices, competitive food, electronics and other manufacturing companies, clinical (HIPAA-regulated) and government, who are hosted by LabLynx on completely secure dedicated servers.[Template fetch failed for https://www.limspec.com/index.php/Template:Specification_SLS0209_System_backup_and_restore?action=render: HTTP 500]HealthCloudPOL is hosted in LabLynx's state-of-the-art cloud hosting facilities, system backup is taken care of for you. Data are backed up both at the primary data center and at a second, geographically distant data center, in accordance with best practices and ASTM and CLSI standards. The complete system is backed up in near real time (every two hours) and we keep 10 days rolling backup and offsite backup in a second secure data center. So in the remote event of any catastrophic failure all data are recoverable up to within two hours of the failure.
Disaster prevention and data recovery practices follow The LabLynx Quality Management System manual section 13.0/SOP 4 procedures. First, the integrated redundancy of all components of ELab webLIMS in the LabLynx data center provides a maximum level of disaster prevention, maximizing disaster recovery effectiveness. Second, disaster recovery testing is performed regularly, according to documented procedures, to ensure maintenance of uptime guarantee is supported, and minimal data loss is experienced, in accordance with ASTM and CLSI standards.
- Rouse, Margaret; Burton, Andrew (Feb 2014). "Data Retention Policy". Definition. TechTarget.com.
- LabLynx Quality Manual. LabLynx, Inc.. April 10, 2015.
Individual Specifications were transcluded from limspecwiki