Securing a Mobile EMS Operation

Although a mobile/paperless EMS operation is vastly more secure than a paper-based operation, it is not automatically bulletproof. A few initial steps, and a couple of ongoing company policies, are required. Most are necessary for HIPAA compliance, but all are sensible and inexpensive.

Minimize Role Membership

AngelTrack uses roles to grant access to its features and data. When an employee is a member of a role (such as "dispatcher"), that employee has all the privileges of that role, including read and (sometimes) write access to that role's data. Some roles are very powerful, with write access to large amounts of company data.

Greater access creates greater opportunities for accidental damage -- not to mention sabotage. So, do not add employees to any role unless they have a bona fide and ongoing need for those access privileges. And remove them from roles they no longer perform.

Use the administrator account only when necessary

Never, ever use AngelTrack's built-in administrator account for day-to-day operations. The administrator account has full read/write access to everything in AngelTrack, so a person logged in as administrator has many opportunities to accidentally modify something important. This is a liability, no matter how trustworthy or careful your employees are.

Use the administrator account to create yourself a separate employee account. Add yourself to whichever roles you require. Then log out, log back in using your new account, and don't use the administrator account again unless you specifically need to.

Computer security

Do Not Share Accounts

Every person who accesses your AngelTrack cloud server should have their own separate employee account. No exceptions.

Resist the temptation to create an employee account named "QAReview" or "Billing" for multiple people to use. When multiple people share an account in that manner, it becomes impossible to tell which one of them performed which action. You won't be able to trace a mistake back to the person who needs retraining.

This also applies to any outside contractors whom you invite into your cloud server. Even if the contractors all operate under a single company ("Acme Billing"), do NOT create an "AcmeBilling" account for them, even if they specifically request it. Each one of Acme Billing's employees should have a separate account in their own name.

Securing Passwords

Password policy is a pillar of IT security. Appropriate password policy is already built into AngelTrack, and no further action is required unless you wish to adjust it.

Password expiration

AngelTrack has a password expiration interval, configurable on the Preferences page accessible from the Settings page. By default, the expiration interval is 180 days. You can choose any interval from 1 to 999 days, or set it to 0 to disable password expiration.

When an employee's password is expired, they will be prompted to change it when they next access AngelTrack. As with announcements, the password expiration prompt will not be shown if the employee has an active dispatch assigned.

Password expiration has another benefit: when employees are prompted to reset their password, they are also prompted to update their mobile number, their mailing address, and their emergency contact, in case any of these are outdated.

Common passwords automatically prohibited

AngelTrack has a built-in list of the 150 most common passwords. Attackers have the same list, and routinely use it to conduct brute-force attacks. To protect you from such attacks, AngelTrack does not permit any employee to choose a password that is on the list.

Warn employees to not share passwords

Employees should be counselled -- and then occasionally reminded -- that they are strictly prohibited from sharing passwords with other employees.

Sometimes, an employee will use another employee's password because he (the employee borrowing the password) does not believe that he is running any personal risk. The risk, he feels, is borne entirely by the employee who mistakenly told him their password. Counter this assumption by reminding employees that merely knowing another employee's password is a personal liability: if Bob knows Alice's password, and Alice knows he does, then Alice can later blame Bob for her own activities in AngelTrack. Alice could say, "I don't know who made those changes, but I know Bob knows my password; go talk to him."

Automatic account lockout

In order to defend against brute-force password guessing attacks, AngelTrack automatically locks its user accounts after several unsuccessful password attempts.

When locking a user account after repeated password failures, AngelTrack follows this lockout schedule:

Consecutive incorrect passwords    Lockout duration
2                                  none
3                                  2 minutes
4                                  5 minutes
5                                  10 minutes
6 or more                          60 minutes

A locked account can be unlocked by anyone with Captain or HR privileges. Just pull up the employee's record from the Employees list, and then save it back.
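The schedule above as a working model, added here as an illustration and not AngelTrack's own code. The AccountLockState class, the rule that a locked account rejects every attempt without evaluating the password, and the HR unlock method are assumptions about how a login service would apply the table:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Lockout schedule from the guide: consecutive incorrect passwords -> lockout
# minutes. Two or fewer failures lock nothing; six or more lock for 60 minutes.
LOCKOUT_SCHEDULE = {3: 2, 4: 5, 5: 10}
MAX_LOCKOUT_MINUTES = 60


def lockout_minutes(consecutive_failures: int) -> int:
    """Lockout duration in minutes after the given number of consecutive failures."""
    if consecutive_failures <= 2:
        return 0
    return LOCKOUT_SCHEDULE.get(consecutive_failures, MAX_LOCKOUT_MINUTES)


@dataclass
class AccountLockState:
    """Per-account counters a login service would keep (hypothetical model)."""
    consecutive_failures: int = 0
    locked_until: Optional[datetime] = None

    def is_locked(self, now: datetime) -> bool:
        return self.locked_until is not None and now < self.locked_until

    def attempt_login(self, password_correct: bool, now: datetime) -> str:
        """Apply one login attempt; returns 'locked', 'failed' or 'ok'."""
        if self.is_locked(now):
            # Assumption: while locked, reject without evaluating the password,
            # so a guesser learns nothing about whether the guess was right.
            return "locked"
        if password_correct:
            self.consecutive_failures = 0
            self.locked_until = None
            return "ok"
        self.consecutive_failures += 1
        minutes = lockout_minutes(self.consecutive_failures)
        if minutes:
            self.locked_until = now + timedelta(minutes=minutes)
        return "failed"

    def hr_unlock(self) -> None:
        """A Captain or HR user saving the employee record clears the lock."""
        self.consecutive_failures = 0
        self.locked_until = None
```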

Self-service password reset

If an employee has typed their email address into their employee file in AngelTrack, they will be able to reset their own password if locked out. In this situation, AngelTrack offers the employee a reset button.

The employee will then receive an email containing a new, randomly-generated AngelTrack password.

Securing Desktop Computers

Desktop computers used by back-office staff (dispatchers, billers, and the like) should have a passworded screensaver configured to protect the computer after 5 minutes of inactivity. Back-office staff enjoy a great deal of access to AngelTrack, and there is always the risk they will go home for the night without remembering to log out of AngelTrack. The passworded screensaver closes that vulnerability.

If that proves too annoying, then a reasonable alternative is to secure the door of the dispatch office and the billing office. Install automatic door-closer mechanisms on the doors, and then install keypad doorknobs so that only authorized employees may enter. Once that's done, you could set a longer screen-saver lock on the computers inside -- perhaps thirty minutes instead of just five.

Remove dangerous software

According to Symantec, over 90% of virus infections occur via these three pieces of software:

All three of these unfortunate pieces of software install themselves into your web browser, making your browser vulnerable to "drive-by" virus infections from web-pages that carry malicious banner-ads. You should remove the software from your office computers ASAP.

If you work with PDFs, you will need a safe PDF reader to replace Adobe Acrobat. There are many alternatives, some of them free: Nitro PDF Reader, Foxit Reader, and Sumatra PDF Reader are just a few examples.

Securing Mobile Devices

Automatic screen lock

A lost or stolen tablet creates a brief security vulnerability if an employee was left logged in on its web browser when the tablet went astray. In the interval between losing the tablet and realizing the loss, a malicious party could use the logged-in web browser to access the employee's run reports, certificates, and the like.

To close this vulnerability, iPads and other tablets taken into the field should be configured with a lock screen and passcode. Choose a simple passcode that every employee can remember -- perhaps the last four digits of the company's main phone number? -- and then configure the tablets to erase themselves after a few unsuccessful attempts.

Distinctive cases

To reduce the odds that company-owned mobile devices get stolen, select a protective case that is distinctively colored or decorated, and use the same case on every company-owned device.

A bright and ugly color is best: orange, lime green, fuchsia. Not only do such colors make the device unappealing to steal, but they also make it easier to find when accidentally left somewhere.

Central registration and remote wipe

Company-owned mobile devices should be registered to a central authority (e.g. iTunes), which then allows tracking and remote wipe. Do not hesitate to remote wipe a mobile device that has gone missing; if it is subsequently recovered, no EMS information was lost, as AngelTrack does not store any information on the device.

Securing personal mobile devices

If you permit your employees to use their personal mobile devices in the line of duty, then announce a HIPAA rule which they must follow:

If you use your personal mobile device to photograph HIPAA-protected patient documents, then federal law requires you to set a password on your device. Configure the device to wipe itself after ten unsuccessful password attempts.

At the end of each shift, after all reports are sent to QA, delete all HIPAA-protected photographs from your device.

This policy is already written for you as a built-in announcement in AngelTrack; you must simply activate the announcement.

Employee Termination Policy

When an employee is terminated, it is important to immediately suspend their access to AngelTrack. Although AngelTrack does not permit gross damage like report and document deletion, a disgruntled employee could nevertheless alter his or her run reports so as to cause problems in Billing, or alter the reports of crewmates to add profanity and the like. Therefore it is important to add the task "Revoke the employee's AngelTrack access" to your termination procedure.

Revoking AngelTrack access is easy. Any user with HR privileges can mark any employee inactive, which immediately suspends all AngelTrack access. Employees can easily be reactivated later, so do not hesitate to deactivate an employee when termination is imminent.

Logging of All AngelTrack Activity

You are already familiar with AngelTrack's journals, which track field-by-field changes to all dispatches, invoices, and timeclock entries. These journals cannot be altered or deleted by anyone, and hence are admissible in court as evidence.

In addition to this, AngelTrack logs all web activity from your employees at the request level. This means you can review who accessed your AngelTrack cloud server, including the date and time, their IP address, their device type, and the pages accessed. The log cannot be altered and is retained for 180 days.

To learn more about the log and how to download it for review, read AngelTrack's Security Features Guide.

To learn how to use AngelTrack's logs and other forensics features to trace a data leak or other malfeasance to the responsible employee, read the Data Leak Forensics Guide.
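An added example (not AngelTrack's own code) of two checks a reviewer can run over the downloaded request log: whether a deactivated account still reached the server after HR marked it inactive, and whether one account was used from several devices on the same day, which is how the shared-account practice warned against earlier shows up in the log. The CSV layout, field order and sample rows are constructed assumptions; the real export format is described in the Security Features Guide.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample rows carrying the fields the guide says the request log
# records: date and time, employee, IP address, device type, page accessed.
# This CSV shape is an assumption made for the example, not the real export.
SAMPLE_LOG = """\
2024-03-01T08:02:11,alice,203.0.113.7,iPad,/Dispatch/Board
2024-03-01T08:03:40,alice,198.51.100.5,Windows,/Dispatch/Board
2024-03-01T08:04:02,alice,192.0.2.44,Android,/Billing/Invoices
2024-03-01T17:45:03,bob,198.51.100.22,Windows,/Billing/Invoices
2024-03-02T22:13:40,bob,198.51.100.22,Windows,/Employees/Certificates
2024-03-03T09:00:00,carol,203.0.113.9,Android,/Reports/Run
"""

# Constructed: when HR marked each employee inactive (bob was terminated at noon).
DEACTIVATED_AT = {"bob": datetime(2024, 3, 2, 12, 0, 0)}


def parse_log(text: str) -> list:
    """Parse the constructed CSV rows into dicts with a real datetime."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, device, page = line.split(",")
        rows.append({"ts": datetime.fromisoformat(ts), "user": user,
                     "ip": ip, "device": device, "page": page})
    return rows


def accesses_after_deactivation(rows: list, deactivated_at: dict) -> list:
    """Rows where a deactivated account still reached the server. Empty when the
    termination procedure worked; any hit deserves a look at the timeline."""
    return [r for r in rows
            if r["user"] in deactivated_at and r["ts"] > deactivated_at[r["user"]]]


def suspected_shared_accounts(rows: list, max_devices: int = 2) -> dict:
    """Accounts seen from more than max_devices distinct (IP, device type) pairs
    on one day, the pattern produced by several people sharing a single login."""
    seen = defaultdict(set)
    for r in rows:
        seen[(r["user"], r["ts"].date())].add((r["ip"], r["device"]))
    return {f"{user} {day}": sorted(pairs)
            for (user, day), pairs in seen.items() if len(pairs) > max_devices}
```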