Information and Data Security Compliance Statement utilizes a number of techniques to ensure that patient data remains secure when being transmitted and stored per the HIPAA and HITECH security and privacy guidelines. This includes encryption of all personal health information (PHI) within the database, using HTTPS for connections to the website and VPN for HL7 messaging.


Each PEDS Online® account is assigned a unique username and password, which is secured by a random, encrypted token.

Local Data and Backups has written policies and procedures for data backup, recovery, and destruction to ensure that proper handling of all data, regardless of its form, is done in a secure manner.

Security Vulnerability Scans has partnered with an industry leading security company to perform site wide risks assessments on an annual basis which allows for the identification and rating of any potential risks within the site to be remediated to the fullest extent possible.

Site Modifications and Updates

All site modifications are performed using the software development lifecycle best practices. After the coding and unit testing phase, the software is migrated to a test environment that mirrors our production environment. The test environment is where we perform our integration, system and user testing. When sign-off is obtained, deployment to production begins. Depending on the project, this can be simple or complex. Complex deployments include end user training and the participation of on-call IT staff. The goal of all site changes is to give our end users a consistent uptime and reduce the potential for outages.

By combining all of the previously mentioned strategies and safeguards, is able to provide a private, secure and compliant environment that maintains all data in a protected and monitored manner.