Platform Security & e-Prescribing Controls

YourMD Telehealth implements enterprise-grade security controls for platform protection and DEA-compliant e-prescribing.

Authentication & Identity Verification

NIST IAL2-Compliant Identity Verification

NIST SP 800-63B
  • Multi-step identity verification process
  • Government-issued ID verification
  • Live biometric capture with liveness detection
  • Human review for enhanced security
  • Risk-based authentication scoring

Advanced Liveness Detection

  • Passive liveness analysis (texture, micro-movements)
  • Active challenge-response verification
  • Anti-spoofing technology
  • Deepfake and mask detection
  • Video injection prevention

Multi-Factor Authentication

HIPAA Compliant
  • Time-based One-Time Passwords (TOTP)
  • Biometric authentication
  • Hardware security key support
  • Continuous authentication monitoring
  • Risk-based step-up authentication

Dual-Layer Session Management

NIST-Compliant Cookie Sessions

  • Secure, HttpOnly, SameSite flags
  • 30-minute idle timeout enforcement
  • Session fingerprinting
  • CSRF token protection
  • Automatic session extension on activity

Secure Session Packets

  • Encrypted session credentials
  • Device-specific fingerprinting
  • Extended validity for trusted devices
  • Anomaly detection and monitoring
  • Automatic revocation on security events

Authentication Methods by Security Level

Method Security Level Use Case Compliance
Password + CAPTCHA Basic Initial access NIST AAL1
TOTP Authentication Enhanced Provider portals NIST AAL2
Biometric Verification Maximum PHI access NIST AAL2/IAL2
Hardware Security Keys Maximum Administrative access NIST AAL3

Auditing & Monitoring

Complete Audit Trails For:

PHI Access

  • Patient record views
  • Data modifications
  • Report generation
  • Data exports

Provider e-Prescriptions

  • Prescription creation
  • Medication changes
  • Refill authorizations
  • Cancellations

Credentialing Updates

  • License verifications
  • Privilege changes
  • Access modifications
  • Role assignments

Administrative Overrides

  • Emergency access
  • Permission grants
  • Security bypasses
  • System changes

Retention Policy: All access logs retained per HIPAA 45 CFR ยง164.312(b) - minimum 6 years, encrypted and tamper-proof

e-Prescribing Security Features

EPCS Certification Pending

Electronic Prescriptions of Controlled Substances - Surescripts Certification in Progress

Currently supporting non-controlled substance e-prescribing only

DEA-Compliant Authentication

  • Two-factor authentication mandatory
  • Identity proofing per DEA requirements
  • Logical access controls
  • Credential management

Encrypted Transmission

  • End-to-end encryption
  • Provider to pharmacy secure channel
  • PBM integration security
  • NCPDP SCRIPT standard

Cryptographic Signing

  • Digital signature certificates
  • Non-repudiation guarantee
  • Timestamp authentication
  • Prescription integrity verification

Prescription Tracking

  • Complete audit trail
  • Real-time status updates
  • Pharmacy acknowledgments
  • Dispensing confirmations

Controlled Substance Prescribing

Provider Requirements:
  • Valid DEA registration
  • State-specific authorizations
  • EPCS enrollment (when available)
  • Identity verification completed
Security Requirements:
  • Two-factor authentication every session
  • Biometric or hardware token required
  • Prescription limits enforced
  • Automatic DEA compliance checks

Incident Response & Breach Notification

24/7 Security Monitoring

  • Real-time threat detection
  • Automated alerting systems
  • Security operations center
  • Continuous vulnerability scanning

Rapid Breach Detection

  • AI-powered anomaly detection
  • Behavioral analytics
  • Network traffic analysis
  • Access pattern monitoring

72-Hour Notification

  • HITECH Act compliance
  • Affected user notifications
  • Regulatory reporting
  • Media notifications if required

Forensic Review

  • Root cause analysis
  • Impact assessment
  • Evidence preservation
  • Remediation planning

Technical Safeguards

Data Protection

  • AES-256 encryption at rest
  • TLS 1.3 for data in transit
  • Encrypted database connections
  • Automatic key rotation
  • Secure backup procedures

Network Security

  • Web Application Firewall (WAF)
  • DDoS protection
  • Intrusion detection systems
  • Network segmentation
  • Zero-trust architecture

Access Controls

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Automatic session timeouts
  • IP-based restrictions
  • Audit trail for all access

Compliance & Standards

NIST SP 800-63B

Digital identity guidelines for authentication and lifecycle management

HIPAA Compliant

Full compliance with Privacy and Security Rules for PHI protection

IAL2 Verification

Identity Assurance Level 2 with biometric verification

DEA EPCS - Pending

Electronic prescribing for controlled substances certification in progress

Security Framework

Continuous Monitoring

24/7 security monitoring with automated threat detection

Risk Assessment

Regular vulnerability assessments and penetration testing

Security Training

Ongoing security awareness training for all staff

Compliance Audits

Regular third-party audits to ensure compliance

Security Contact

Report Security Concerns

YourMD Security Operations Center

๐Ÿ“ง security@yourmd.online
๐Ÿ“ž 24/7 Hotline: (702) 430-7801
๐Ÿšจ Emergency: Press 1 for immediate response

Bug Bounty Program: Report vulnerabilities responsibly and earn rewards. Contact security@yourmd.online for details.

Return to Home Privacy Policy