Data Protection and Privacy
HIPAA and GDPr Compliant, Secure Document and Confidential Information Management
At VCS we realize that your confidential product information is critically important to your continued success in business.
Our storage systems are cloud based and require a designated username along with 2 factor authentication. Passwords are rotated automatically on a 60 day period, and have a minimum of 10 characters with multiple character complexity requirements.
User access is limited on a “least information required” level, and respective business departments are only able to access the secure areas that are required by their station.
HIPAA Compliant, 2 Factor Protected Health Information (PHI) Database
VCS utilizes RealTime CTMS as its designated system for PHI and panelist data as a result of its validated and proven track record.
RealTime provides us a means of tracking our panelists with a photographic database along with various medical and social history functions.
At VCS we believe that the key to a successful study starts with recruiting the right people for the research. We collect over 100 unique attributes with all panelists and take photos from multiple angles, allowing for unrivaled documentation of underlying conditions.
Redundancy is Key, and Backups are Critically Important
All data centers are secured and backups occur in real time via our third party IT Security, as well as Microsoft’s AWS. Data is stored in multiple facilities and secured via Blockchain encryption.
Data at rest is secured via 128 bit encryption, and data in transit is secured via SSL and secondary transmission security layers when applicable.
Security in Data at a Geographic Level
Data centers are geographically distant and diverse, and an outage of one or more data centers would have no direct bearing on our ability to operate. In the event of a data breach, sponsors would be notified immediately, but due to secondary encryption external access does not actually mean that there is direct protected/confidential information compromise.
Encryption and Client Communications
All client facing emails are encrypted with the latest SSL protocol and secured. For targeted communications, VCS employees’ secondary encryption keys can be requested at any time.
Data at rest is encrypted on all company devices, and data in transit is all SSL secured.
VCS is also comfortable reviewing and implementing sponsor specific communications for transmission of confidential information, including but not limited to proxies, FTP uploads, and third party secure transfer services.
Delivery of Data
Final reports are delivered via SSL protected email transmission, and clinical images are delivered via secure link digital transfer and/or password protected USB drive. We understand that different companies have alternative SOPs and standards in place, and our commitment is to make the process as easy as possible while protecting your data and our reputation.
IRS Compliant Payments
At VCS we do not implement traditional cash or check payments. All payouts are handled by electronic transfer to controlled, refillable debit cards via RealTime SitePay. This allows us to document each individual payment, and automatically document 1099/Research Income for all subjects and study respondents.
Cash is always a security risk, and eliminating it from the business from the get go has allowed us to be more transparent and more efficient in a number of ways.