Yes, FCPro is secure. FCPro has been built (and is maintained) according to web design best practices as outlined by HIPAA guidelines. We do not have the resources, however, to be audited for official HIPAA compliance.


Here are some extra nerdy details:

  1. All web traffic is encrypted using TLS 1.2 (TLS is the successor to the more commonly known SSL), with a certificate issued by a major certificate authority. What this means: all data that is shared over the internet between the server and a user's web browser is encrypted.
  2. Data points that uniquely identify clients (name, DOB, phone number, address, etc.) are encrypted within the database. What this means: even if a hacker were able to get a peek at the raw Clients Table in the database, all they would see is a series of gobbledygook characters that are meaningless without the encryption key.
  3. Data points that uniquely identify clients are also hidden from the FCPro user interfaces until the user clicks a button (and enters their unique PIN) to show them. What this means: users don't need to see this information for the majority of the time they need to interact with FCPro, so the window of time during which a client's identity is visible on screen is reduced to a tiny blip on the overall radar screen. 
  4. The web app is designed and hosted according to various other industry-standard best practices.
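
To make item 2 concrete, here is an added Node.js example (not FCPro's own code) of field-level encryption applied to the identifying columns of a client record. The cipher (AES-256-GCM), the column names, the helper function names and the binding of row id and column name into each ciphertext are all assumptions made for illustration.

```javascript
// Added illustration: field-level encryption of identifying columns.
// AES-256-GCM, the field list and the row layout are assumptions, not FCPro's code.
const nodeCrypto = require('node:crypto');

const PII_FIELDS = ['name', 'dob', 'phone', 'address'];

// Encrypt one value. The row id and column name are bound in as AAD, so a
// ciphertext copied into another row or column fails authentication.
function encryptField(key, rowId, column, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every value
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${rowId}:${column}`));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Reverse of encryptField; throws if the key, row, column or data is wrong.
function decryptField(key, rowId, column, stored) {
  const raw = Buffer.from(stored, 'base64'); // layout: iv(12) | tag(16) | ct
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(`${rowId}:${column}`));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Encrypt only the identifying columns; other columns stay readable.
function encryptRow(key, row) {
  const out = { ...row };
  for (const f of PII_FIELDS) out[f] = encryptField(key, row.id, f, row[f]);
  return out;
}

function decryptRow(key, stored) {
  const out = { ...stored };
  for (const f of PII_FIELDS) out[f] = decryptField(key, stored.id, f, stored[f]);
  return out;
}

// Constructed sample record and key (a real key is kept outside the database).
const key = nodeCrypto.randomBytes(32);
const client = { id: 17, name: 'Jane Example', dob: '1980-01-31',
                 phone: '555-0100', address: '1 Sample St', visits: 4 };
const storedRow = encryptRow(key, client);
console.log(storedRow);                  // what a raw table dump would show
console.log(decryptRow(key, storedRow)); // what the app sees with the key
```

The protection holds only while the key is stored and access-controlled separately from the database it protects.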