Privacy and Security

Magnus Health is committed to maintaining the confidentiality, integrity and security of personal information about our current and prospective users. We adhere to the highest standards in security in order to keep your data private and secure at all times.

Data Privacy
Conducted annually by TRUSTe, this successfully completed audit demonstrates that the Magnus website’s privacy policies and practices are assessed against the TRUSTe Privacy Certification Criteria. For more information on Magnus Health’s certification status, click here.

trustwavelogo

PCI Compliance
Magnus Health is compliant with all current applicable Payment Card Industry (PCI) Data Security Standards (DSS) and subjects all of its Internet connected devices to third party scans monthly as part of our compliance policy/procedures.

geotrust_logo

SSL (Secure Sockets Layer)
SSL certificates are the ultimate online security and trust solution delivering both 256-bit encryption and trust mark providing third-party website identity validation. The presence of SSL means that communications between your browser and this site’s web servers are private and secure.

Online Security

  • Security from the ground up
    Our applications are designed with security in mind. Security is a high priority requirement within every phase of our products. We apply stringent processes to ensure the security of our systems and applications throughout design, development, testing, and day-to-day operations.
  • Account and password protection
    Magnus Health is designed so that you, and those designated by you, are the only ones who can access your account. Your account is always password protected and we utilize strong password policy and non-reversible hashing for storage of the password. The security sub-layer is capable of detecting any anomaly within the system to proactively prevent malicious activities and alert our security staff.
  • Military level encryption
    Magnus Health employs military level security – the highest standards in Internet and data security. Our independent, multiple security layers include strong cryptographic implementations (such as 256 bit data encryption, 128 bit data encrypted SSL systems using Advanced Encryption Standards) and defense-in-depth network protection (with multiple firewalls, intrusion prevention appliances, and active monitoring systems).
  • Security monitoring and optimization
    Magnus Health hires the best security experts to conduct periodic security reviews and vulnerability assessments. We also actively monitor and continuously optimize our security infrastructure, both within the application codes and across our network/system platform.
  • Privacy protection
    Magnus Health NEVER shares or rents your data with or to anyone without your consent. You can delete any or all of your data from your account at any time and Magnus Health immediately erases it from the system.

Document Security

  • Mailed Records
    While your documents are in transit, they are subject to the security policies of the U.S. Postal Service (or other selected carrier you choose to expedite them). Once we receive them, only authorized employees monitor them in our processing facilities. Records are processed and then kept on file for 30 days in our secure mail-in storage location, only accessible by authorized personnel. They are destroyed after 30 days by a third-party, HIPAA compliant, document destruction service.
  • Faxed Records
    Your fax communications are kept private and secure by utilizing 128-bit SSL encryption, the same level of encryption used by online banking and financial institutions, to protect all inbound and outbound communications. Secure Socket Layer (SSL) protection encrypts the message from end-to-end, ensuring the message is encrypted even before the fax is sent from your location. We use the latest and highest grade firewall protection and intrusion detection and proprietary security systems to protect your data. Once a fax is received, it can only be accessed by authorized personnel to complete necessary quality control auditing. This process is completed on a secure internal network and any electronic copies of records are destroyed within 30 days of processing.

Data Security

  • No Hardware or Software to Install
    SMR is web-based, meaning the only requirements for using it are an Internet connection, and a device that can access the Internet. You will never have to download software or install hardware in order to use and access our products. This means that your school is constantly working with the most current version of our software, without having to pay for upgrades, and implementation is quick, easy, and without delay due to obtaining or installing hardware or software.
  • Permissions
    Permissions allow Magnus users to dictate the level of access others have to private information, significantly reducing the risk of information falling into the wrong hands. Permission to student or camper information is controlled by the administrator, who grants nurses, coaches, counselors, and other faculty varying levels of visibility. Read, write, and access permissions make this possible. Permissions are customized by the administrator for each user, and can be changed at any time, ensuring health information is communicated securely and effectively.
  • Disaster Recovery
    Paper medical records are vulnerable to all kinds of natural disasters, theft, or permanent loss, as are non web-based software systems. If the file folder or computer containing health information can be burned, flooded, blown away, stolen, or destroyed, that information is vulnerable. On the other hand, SMR is completely web-based, and therefore, has built-in disaster recovery. Student information cannot be lost or destroyed because it is online, stored on off-site servers, and backed up on multiple additional servers located around the country. With SMR, should a disaster strike, health information is still accessible so you can resume operations quickly, without having to recollect information.