Security and Privacy Safeguards
MetSYS security features can define access rights among users and organizations down to the field level.

MetSYS products provide comprehensive and flexible security features that meet and surpass the requirements of HIPAA and similar standards.

Powerful features enable authorized users to selectively determine what data are accessible to different users in terms of user, function, screen, record and field level access controls.

Standard Security Features

Here are some of our security and privacy protection features:

• Audit Trail. The MetSYS Transaction Log records the date, time, author and nature of all changes made to client records . Additionally, a Client Track Tool records the name of the user, date and time that client records are retrieved and viewed.
  
• Data Encryption. All data is encrypted during transmission, and data stored in your system can be encrypted. Encryption is included at no cost for the VFP database. Encryption is available via third party modules for SQL Server 2000. These encryption options protect the data from access by unauthorized persons.
  
• SSL Certifications. MetEnterprise works with MS Terminal Server’s certificate based encryption. MetLITE uses the web server’s built-in SSL capabilities to provide its encryption. 128 bit encryption is provided using definable keys. Additional data security can be gained by adding VPN tunneling and encryption.

If desired, access to all data in the system can be restricted in terms of viewing, edits, deletions or additions down to the field and individual user level.

Cross-Organization Data Sharing

MetSYS allows for real-time data sharing within communities and regions while also ensuring that each participating organization can control what data is shared with other organizations:

• Selective Access to Common Database. Powerful and flexible Security Tools provide options for each user organization to determine the data that staff from another organization can access. Each organization can determine what data are shared on an organization-by-organization bases [i.e. your organization may wish to share data with a neighboring homeless shelter, but not the local Adult School]. Each organization can block the sharing of data down to the field level, and even determine if users in other organizations can view, edit or delete their data. Organizations that do not wish to share any data can totally block user in other organizations from accessing the client data they enter.
  
• Client-Specific Data Sharing Restrictions. The “Release Tool” in MetEnterprise allows the controlling institution to enforce the client’s wishes as to which parts of their data are shared with other institutions

When considering security, you should also think about the hosting facilities that will serve you. MetSYS hosting services include every possible measure to maintain physical security [e.g. surveillance, double walled server room, alarm system, caged servers]. See Part C of this Tab for more details.