Guaranteed Security
"Peoplechart is perfect for kids that see lots of doctors. Once, when I had one of the girls in the
emergency room, I made a call to the call center and had the summary report and most recent records faxed
right to the hospital."
– M. W. (Knoxville, TN)
How Peoplechart Protects Your Medical Records
Peoplechart was created and designed with you, the individual, in mind. Our patented security system
is designed to keep your information secure at all times. It combines the use of firewall security with SSL
encryption for all data transmittals.
You need two codes to log in to your account: a User ID and a Password. The Session ID is a third, optional code. It is unique to
Peoplechart and enables you to keep your vital information stored offline (in our secure system) until you
schedule a time and duration for the information to be available through the Internet.
At the start of the scheduled session, the member’s information along with the user’s assigned "Access Level"
privileges are moved to an encrypted private file where they can be accessed online using the special Session ID.
At Peoplechart, we respect your privacy and require that our staff follow strict operating guidelines to protect
the confidentiality of your information:
- From record collection, to access and distribution, you are always asked for your explicit permission
- Different levels of access privileges allow you to determine the type and scope of information to share
(or not to share), with whom and for how long
- Operational guidelines, extensive audit trails and state-of-the-art systems security ensure that your medical information
is private, and handled only according to your instructions
Peoplechart keeps all authorized parties informed at all times to ensure that they see the information in real time.
Peoplechart’s Audit Trail functions track all account activities, and Peoplechart email notifications make sure that
everyone is in the loop when it comes to:
- Who has logged in and accessed records since the member’s or user’s last visit, or for any specified time period.
- When new users are created.
- What information is actually viewed, saved and assigned by/to others (via folders).
Patented Security System
Information security is a major concern that people have about their medical records, especially with
accessing and distributing information through the Internet. Peoplechart’s patented security system,
the Dual-Channel Lock, is built around the concept of risk minimization, where exposure is minimized by
limiting the amount of information that can be accessed at any one time through the Internet.
Essentially, the individual uses the telephone (first channel) to call our 24×7 customer support to
set the start time and length of time (duration) for the information to be accessible through the Internet.
The files are transferred to a different computer system that has online connectivity only when the person
logs in through the Internet (second channel). Any breach of security would only affect the information of
members who are logged in at the same time and not of other members. In addition, we employ security
standards for encryption, user authentication, and data transmission over Secure Sockets Layer (SSL).
Diagram Description
The following diagram is a high-level view of how our systems work to keep information even more secure
than standard state-of-the-art firewall- and password-protected systems.

Unlike most security systems, Peoplechart’s patented Dual-Channel Lock Security System is
specifically designed to minimize the information that can be accessed through the Internet. As the diagram
above shows, we help reduce the risk of unauthorized access to members’ information by keeping the information
in an Offline Database server. At the same time, we can provide immediate access online without having the
database directly connected to the Internet. At a high level, here's how it works. (The numbers below
correspond to the numbers on the diagram.)
1. The member calls our 24×7 toll-free phone center to schedule a secure session. A session enables
the user to access their personal health information online starting at a specific time for a specified
length of time (duration). Otherwise, the information is kept in storage in an offline database.
2. The phone center agent authenticates the caller and uses the one and only systems connection to
our offline database server to trigger the handling of the records. (This is an internal/private connection,
not accessible via the Internet.) The agent then gives the user a Session ID and ends the call.
3. At the scheduled time (within seconds after the call ends or at any future time), the offline server
pushes a copy of the patient’s information to a second server, the Internet-accessible server (Active
Session Server).
4. While this information is sent for temporary storage and access on this Active Session Server, the
member or their authorized users can log on via the Internet by entering a valid UserID, Password, and
Session ID.
5. Secure Sockets Layer (SSL) encryption is used to ensure that data is encrypted and securely
transmitted between the Active Session Server and the member’s browser window, per HIPAA requirements.
6. Once the scheduled duration of the session is over or when the member logs off, the information is
removed from the Internet-accessible server (or the Active Session Server), and the offline server database
is updated for any new information.
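
The session lifecycle in the steps above can be modelled as a small state machine. This is an added example, not Peoplechart's code: the names (`DualChannelModel`, `tick`, `close`, `demo`), the integer timestamps and the sample records are all constructed, and it assumes the user logging in is the member. It shows that only members with a live session have a copy on the Internet-facing side.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass, field

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class DualChannelModel:
    offline: dict  # member -> records; never reachable from the Internet
    creds: dict    # user_id -> (salt, password hash)
    scheduled: dict = field(default_factory=dict)  # sid -> (member, start, end)
    active: dict = field(default_factory=dict)     # sid -> copy on online server

    def schedule(self, member, start, duration):
        # Phone channel: the agent has already authenticated the caller.
        sid = secrets.token_urlsafe(16)
        self.scheduled[sid] = (member, start, start + duration)
        return sid

    def tick(self, now):
        # Offline server pushes a copy at start time and purges it at expiry.
        for sid, (member, start, end) in list(self.scheduled.items()):
            if now >= end:
                self.close(sid)
            elif now >= start and sid not in self.active:
                self.active[sid] = dict(self.offline[member])

    def close(self, sid):
        # Expiry or logoff: write new information back, then remove the copy.
        if sid in self.scheduled:
            member = self.scheduled.pop(sid)[0]
            if sid in self.active:
                self.offline[member].update(self.active.pop(sid))

    def login(self, user_id, password, sid, now):
        # Internet channel: User ID, Password and Session ID, inside the window.
        self.tick(now)
        salt, stored = self.creds.get(user_id, (b"\0" * 16, b""))
        ok = hmac.compare_digest(pw_hash(password, salt), stored)
        member = self.scheduled.get(sid, (None,))[0]
        return self.active.get(sid) if ok and member == user_id else None

    def exposed_members(self):  # what a breach of the online server can reach
        return {self.scheduled[sid][0] for sid in self.active}

def demo():  # constructed sample data
    salt = b"constructed-salt"
    records = {"alice": {"allergy": "penicillin"}, "bob": {"rx": "none"}}
    model = DualChannelModel(records, {"alice": (salt, pw_hash("pw-a", salt))})
    return model, model.schedule("alice", start=100, duration=60)
```

Calling `exposed_members()` before, during and after the window shows the exposure set going from empty to the one member with a live session and back to empty.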