Features Navigation

Live Chat (800) 825-0224 Live Demo

Cloud Security

Run your practice with confidence of your data security. All AdvancedMD applications, information and records are stored in our managed cloud environment, giving you more freedom and security than what is possible with application service providers (ASP) and on-premises, client-server software applications. All our systems are scrutinized and safeguarded using the highest standards in security and encryption.

2-Factor Authentication

Traditionally, “username and password” is how technology companies gate online access to data and applications, which could create easy prey for cybercriminals. In today’s online environment, logins can be compromised in minutes and your confidential patient and financial data can be under increasing threat.

AdvancedMD offers free 2FA as an optional service to give you an extra layer of security that works in conjunction with the username and password by adding a second security code to your login verification that only you can access (such as receiving the code in your email account). We also offer a 2FA security code via an authenticator app on your smartphone. Learn more about our 2FA.

Information Security Management

AdvancedMD operates an information security management program that generally adheres to ISO 27001 standards. This program consists of a multidisciplinary risk management approach to continually refine our security posture. We include multiple layers of protection in AdvancedMD products and business processes, as well as technical infrastructures.

Annual Risk Assessment

Risk assessments are conducted at least yearly on the AdvancedMD infrastructure, business processes and other areas where ePHI could be disclosed. Findings from such assessments are used to make risk management decisions on how to reduce risk to an acceptable level. Risk assessment processes focus on areas of the business and technology operations where ePHI may be vulnerable to unauthorized access, disclosure, destruction or other loss of confidentiality, integrity or availability.

Results from risk assessments are grouped into findings that are then classified and categorized by level of risk. The determination of risk takes into account the information gathered and determinations made by analyzing the likelihood of a threat and the resulting impacts of a threat. Findings are then grouped into risk issues and are documented and tracked through to an acceptable remediation.

Security Program Overview

We assign security responsibility to dedicated security and privacy officers. A cross-department compliance committee meets regularly to ensure compliance with all applicable laws and regulations (including HIPAA/HITECH and Meaningful Use). We document HIPAA policies and procedures. We require employee-wide HIPAA and security awareness training.

Technical Safeguards

We employ multiple layers of technical safeguards in our security. These include hardened network and operating systems, DMZs (multi-tiered firewalls and routers), intrusion detection systems (IDS), deep packet inspection (DPI) technologies, system policy and configuration management solutions, data loss prevention (DLP) technologies, secure, encrypted electronic communications, access, utilization, audit and event monitoring, logging and trend correlation, encryption of all transmitted information, network and application vulnerability scanning, application penetration testing, technical security assessments (internally and by 3rd parties), identity management, virus protection, and technical security training and awareness.

Information Security Incident Management

Our information security incident management programs include critical incident response procedures, escalations based on the classification or incident severity, incident contact lists and root cause analysis and remediation plans to avoid the incident in the future.

Business Continuity & Disaster Recovery

AdvancedMD business continuity and disaster recovery programs include electronic hourly backups of all client data to offsite locations, backup verifications to ensure the integrity and recoverability of back up data, server clustering and redundant systems to the extent feasible, detailed business impact analysis and recovery strategies, crisis and incident command structures, BCP and DR plan testing and exercising, and emergency notification systems.

Experience AdvancedMD Software in a Live Demo.

Schedule a short, personalized overview, guided by a live expert.

“The money I have invested in AdvancedMD is miniscule compared to the return. I have never been more efficient – ever – in my professional life as I am now.”

Jed Shay, MD
The Pain Care Center

Read the story  ›

“If you want to be focused on your practice and not worry about infrastructure, this is it. It’s transparent, just like when I plug something into the wall I’m not worried about what the voltage is and what’s the availability; it’s just there—like AdvancedMD. It does it so well sometimes you don’t appreciate it until you really think about it.”

Judy Feingold
Occupational Therapist

“We have seen approximately a three-fold improvement on a month-to-month basis of increased collections using AdvancedMD technology as compared to our previous technology provider. That has really been a step-change improvement with respect to the economics of the company.”

Michael Paul, CEO
Lineagen, Inc.

“Everybody still does basically the same thing; they just do it in a different and better way that’s more efficient.”

Steve Wampler, MD
Greenhill Family Clinic

Read the story  ›