1. A “stand alone” version where all equipment and data are housed within the physicians office.
   
2. A web based (or ASP) version where the data is stored at a site remote from the physician's office.

Regardless of the version, the data belongs to the physician (or practice).  Data stored at a remote location is guaranteed to be “repatriated” should the physician discontinue using DrKnow^™. 

For the web (or ASP) version, security is provided by encrypting the data as it is transmitted to/from the physician's office.  The web service provider has secured the location, and has implemented top-level security regarding his staff.

Both versions have additional security to comply with HIPAA requirements, including, but not limited to:

• Login ids and password to access the system in general
• Login ids and password to access DrKnow™
• Audit trails to identify who has accessed records and/or altered records
• Audit trails for all email both incoming and outgoing, for DrKnow™
• Audit trials for all accounting records (ledger sheets)
• Audit trails for all exported records, whether provided on CDs, flash drives or emailed
• Audit trails for all prescriptions and refills
• The ability to define the “role” of users, e.g. Nurse, physician, secretary, file clerk, and limit access to particular modules of the program.
• The ability to encrypt all email from the program

Furthermore, those practices that elect to use Java “smart card” technology and Sun Microsystems SunRay™ thin clients (a keyboard, mouse and monitor connected to a card reader), can provide additional security by essentially rendering any “station” inaccessible by removing the card from the card reader.  The station comes “back alive” only when an authorized card is inserted into the card reader.  Thus stations located in exam rooms and public areas are physically secured.