The Echafi system considers the security measures as a very important priority; and it affects these measures in several level, which are summarized as follows:

1. Security application level:

• Creating an account for each user with a username and password, account data will be extracted from the employee's file and data connections must meet two criteria:
• We cannot use the real name as an identifier.
• The Password must contain at least 7 characters.
• Give The permissions according to the data of each user and the medical data, financial data and administrative data  must be separated… for example the doctor has no right to see financial data and a single employee does not have the rights to see medical data because he/she is not saved in the database as a doctor
• A user cannot open the same account on multiple machines.
• Each user has permissions depending the nature of his/her work, and each tab provides a few permissions as reading, insertion or modification or deletion or printing

 2. Security database level:

•  The System uses the DAL like type of communication because it ensures safe access to the SQL database.
• Some Medical data is encrypted.
• To Access to the database via SQL server you must insert a password designed by the society
• Benefit of all the security measures provided by the SQL database.
• The database will be installed on a dedicated server, so the society add other security measures on the server itself.
• The Echafi system creates a copy of the database to save.

 

  3. Security process level

• The Echafi system saves all actions coming on the system. The control tab records each connection or disconnection, insert new patient generation of invoices, impressions accompanied by username, date and name of the machine.
• Each User has permissions:

1. Reading
2. Inserting / modification
3. Impression
4. Suppression

For the medical sector, the system checks all statements made by the medical staff, for example, we can find out who put the patient in the emergency department and the person who transferred him/her and treatments performed by each nurse or doctor and also other details.

See also :

- Safety components and privacy protection for information management systems

- The terms of the contract before installing the electronic medical record.