Secure Online Access


Top-Level HIPAA-Compliant Security

We have a deep appreciation for the fact that our clients are bound ethically and professionally to maintain client confidentiality and protect their clients’ private health data.

We have an equal obligation to meet the same standards.

Our promise: Your clients’ personal information will remain private and their records secure. Every action taken on your behalf is done so in compliance with all laws and regulations, including HIPAA.

Without your trust, we don’t exist. We’ve implemented multiple security layers to protect data including:

  • Using only U.S.-based servers
  • 128-bit SSL site encryption
  • 256-bit AES data encryption
  • User login and passwords
  • Java-based technology to avoid phishing
  • A constant vigilance on the latest security technologies available.

HIPAA Compliance

HIPAA is a bible at RRS. As an innovator in records management, RRS founder Chuck Dart always consults HIPAA for guidance before he pursues developing any new retrieval process or tool.

HIPAA helped form the basis for our business model. At its core, compliance with the HIPAA Privacy & Security Rules means taking vigilant measures to:

  • Ensure the confidentiality, integrity, and availability of all personal health information and records we create, receive, maintain or transmit.
  • Identify and protect against reasonably anticipated threats to the security or integrity of the information.
  • Protect against reasonably anticipated, impermissible uses or disclosures; and
  • Ensure compliance by our workforce.

Using only U.S.-based

Other records retrieval services store records on servers outside the U.S. because it’s cheaper. This is a potentially grave mistake.

Foreign businesses aren’t necessarily held to the same privacy and security standards as U.S. companies. You must take them at their word that they comply with HIPAA and U.S. laws. You have to simply believe they properly back up your data. Just cross your fingers and hope they’ll protect your records and continue to respond to your provider’s requests.

Because if they don’t? You have very little to absolutely no reasonable recourse.

Saving a few pennies is not worth putting your business at risk.

Our primary server is in Texas. Your data is backed up three times a day with a remote server backup in Arizona. Your data is kept safe and secure on U.S.-based servers that are proven to maintain the highest levels of security.

No crossing your fingers here.


Site and Data Encryption

128-bit SSL site encryption

RRS’s site is SSL certified using 128-bit encryption. SSL (secure sockets layer) establishes an encrypted link between a server and a web browser for impenetrable security. This industry standard certification ensures that the information accessed from and provided to our site is transmitted through a secure connection.

256-bit AES data encryption

Medical records and protected health information require advanced data encryption measures, particularly when accessed using mobile devices over open or unencrypted wi-fi hotspots. Failing to provide security on this level poses risks and potential liabilities to firms using remote devices to access medical records.

Our security meets or exceeds all government standards for data transmission. Records requested from RRS’s website are accessed by 256-bit encrypted code, ensuring that records can be retrieved only by authorized request.


User login and passwords

Usernames and passwords are required for accessing data. These are case sensitive to meet HIPAA standards. A built-in denial of access is triggered after multiple incorrect login attempts.


Avoiding URL phishing with
Java-based technology

Documents stored on RRS servers are inaccessible via URL or other phishing methods.

Phishing is a fraudulent attempt, usually made through email, to steal personal or client information. Using multiple URLs exposes personal health information to theft. Hackers are given an opportunity to steal data that remains static after an online session is over.

The RRS website uses a single URL and runs exhaustively on Java technology. Using Java-based technology provides dynamic rendering of data without the ability to track data through URLs. As records are uploaded to RRS’s site, they are stored securely outside web folders and can be retrieved only by our secure internal application.