Reseller Access to Your Cloud Server

If you purchase your AngelTrack license from a reseller/biller, you may wonder how much access they have to your data. This document answers that question.

Access by AngelTrack LLC Headquarters

Before we discuss reseller/biller access, we should first review an important point: AngelTrack LLC, from its headquarters in Missouri, has complete access to all of your data.

This is an unavoidable fact of software: your database administrator and your server administrator can always see all data; otherwise they couldn't do their jobs. AngelTrack is a cloud application and so AngelTrack LLC is your database administrator and your server administrator.

Since AngelTrack LLC must have full access to your data in order to administer the application for you, there are policies in place to protect you:

1. No AngelTrack LLC employee, nor any member of an AngelTrack LLC employee's household, is permitted to own any stake of any EMS company.
2. No AngelTrack LLC employee, nor any member of an AngelTrack LLC employee's household, is permitted to accept a position as an employee or as a board member at any EMS company.
3. Your data will be accessed by AngelTrack LLC only when:
   1. You ask us to investigate an issue or review your processes;
   2. You ask your reseller to investigate an issue, and they forward the request to us on your behalf; or
   3. Automated monitoring software reports to us that one of your employees encountered an error, and we choose to investigate and correct the issue without being asked. (We do this because EMS is hectic and so EMS employees very often forget to report malfunctions.)
4. All AngelTrack LLC employees sign a HIPAA acknowledgement document attesting they understand the principles of federal law pertaining to data security and privacy... particularly including the principle of "need to know".
5. All access to your data occurs over HTTPS or equivalently secure protocols (e.g. SSH), just like your own employees.
6. AngelTrack LLC itself is prohibited from:
   1. owning any stake of any EMS company
   2. owning any stake of any EMS billing company
   3. being owned in part or in total by any EMS company or by any conglomerate whose holdings include any stake in any EMS company

The "AngelTrack Support" account

If and when AngelTrack LLC is required to access your data, the built-in "AngelTrack Support" account will be used to do so. You can see this account in your Employees List. The use of this account permits you to monitor -- via the Heartbeat page -- any logins from AngelTrack LLC, and to track any data modifications made on your behalf.

Access by a Reseller Who is Not Your Biller

If your reseller is not also your biller, then your reseller has only the access you grant them.

Your reseller provides you with technical support, and that is easiest to do when you grant them a login on your cloud server... but you can choose not to. Without a login, your reseller has zero access to your data. Nor can resellers utilize the administrative connection that is used to maintain your cloud server.

Without a login, your reseller can still perform technical support for you, either by verbal guidance over the phone or by a webex. In a webex you can observe your reseller's computer screen as they demonstrate something for you, or your reseller can observe your computer screen as you show them something. They will only be able to see the screens you choose to show them... and they will not be able to download any data from your cloud server.

If you and your reseller cannot satisfactorily resolve an issue in this manner, your reseller can escalate the issue to AngelTrack LLC for investigation. AngelTrack LLC can then -- if you wish -- resolve the issue without any participation from the reseller.

Access by a Reseller Who is Also Your Biller

If your reseller is also your biller, then they require a great deal of access to your data. To accomplish this, you must provision them one or more accounts on your cloud server. Those accounts must be members of the "Biller" role, which grants them the necessary access to your dispatch, PCR, and billing data. They will not be able to access anything else, such as incident records, the timeclock, fleet records, HR data, and the like.

If your biller performs your QA reviews, then the biller's account(s) must also be members of the "QA Reviewer" role. To learn more about these roles, read the Roles and Permissions guide.

Of course you can revoke this access at any time, by simply disabling the reseller's accounts, or by removing them from the high-access "Biller" role. This is one of the profound advantages of a cloud application: because your data lives entirely on your cloud server, you can grant and revoke access to it at any time. Nobody ever needs to download a copy of your data to a personal computer -- a copy which you would not have the power to delete.

Accountability Features

All significant changes to your data are journalled. You will always be able to see who modified your dispatch and billing records, and the journals will show what was changed.

The Employee Logon History report, under HR Home, allows you to review all the dates and IP addresses of each user's logins to your AngelTrack server.

The Patient Access Journal, under Settings, allows you to review all the dates at which each user accessed HIPAA-protected patient data.

You can also retrieve the cloud server log, which is the raw WWW logfile showing all requests received by your cloud server. Logs are listed and downloadable by visiting the Cloud Server Logs item under Support Home. You can review the log and see exactly who is accessing which AngelTrack pages, and when, and from which computers. For each request, you can see the date, time, IP address, page requested, type of request, and browser identification. For help in interpreting the logs, refer to the Data Leak Forensics guide.