This website has been created by Paul S. Edgecomb, MD to aid in on-call and vacation scheduling for the Internal Medicine Department at Mount Sinai Doctors / Long Island. Access is open only to physicians and administrators in our medical group.

Privacy

  Information entered into the database is used only for scheduling purposes -- i.e. arranging vacation time, assigning on-call dates, and communicating with you about these activities. Personal information will never be shared with or sold to outside entities for any purpose whatsoever.

Security

  To the best of my abilities (I'm a doctor, not a web programmer), I've employed the most current security techniques, as follows:

  (1) A security certificate has been obtained from LetsEncrypt.org - a new (and free!) certifying authority that is recognized as secure and reliable. When browsing to this website, you should see a tiny "padlock" icon at the right-hand side of the URL box to confirm that you have a secure connection.

  (2) Access to the site requires HTTPS -- i.e. the secure, encrypted version of the Hypertext Transfer Protocol. This guarantees that information you enter (such as username, password, or other personal information), and data that is displayed to you, are transmitted as encrypted data that cannot be "snooped" on, even if you were to use an insecure wi-fi or cellular network for your internet access.

  (3) All personally identifiable data stored in the database is stored in an encrypted format, so if there were to be a data breach, the data obtained would be useless to the attacker. I use the Blowfish cipher. It is no longer the most modern or advanced cipher available -- AES and Twofish are considered stronger ciphers -- but Blowfish is free, fast, easy to implement, and has never been successfully deciphered.

  (4) Passwords are not directly stored in the database. They are stored as a "salted hash" with the SHA-256 hash routine; this provides an even further level of security -- the sign-in routine can determine if you're signing in with the correct password, but if an attacker were to breach the database, AND discover the encryption formula, there STILL would be no way for him/her to determine what your password is. In fact, even I, as website administrator, have no way of determining what your password is. There are slightly more advanced hash routines, such as SHA-384 and SHA-512, available, but since SHA-256 has never been cracked, SHA-256 is still considered very secure.
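
  As an added illustration of item (4), not this site's actual code, the Python example below builds a salted SHA-256 record for a password and checks a sign-in attempt against it. It goes slightly beyond the text by also supporting an iterated variant (PBKDF2-HMAC-SHA256); the record layout `scheme$salt$digest`, the function names, and the iteration count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor for the iterated variant


def _digest(scheme, salt, password):
    pw = password.encode("utf-8")
    if scheme == "sha256":            # single salted SHA-256, as the page describes
        return hashlib.sha256(salt + pw).digest()
    if scheme == "pbkdf2_sha256":     # same hash, iterated to slow offline guessing
        return hashlib.pbkdf2_hmac("sha256", pw, salt, PBKDF2_ROUNDS)
    raise ValueError("unknown scheme: " + scheme)


def make_record(password, scheme="sha256", salt=None):
    """Build the string stored in the database; the password itself is never stored."""
    salt = os.urandom(16) if salt is None else salt   # fresh random salt per user
    return "$".join([scheme, salt.hex(), _digest(scheme, salt, password).hex()])


def check_password(password, record):
    """Recompute the digest from the stored salt and compare in constant time."""
    try:
        scheme, salt_hex, digest_hex = record.split("$")
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = _digest(scheme, salt, password)
    except ValueError:                # malformed record or unknown scheme: reject
        return False
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    a = make_record("correct horse battery staple")
    b = make_record("correct horse battery staple")
    print(a != b)                     # same password, different salts
    print(check_password("correct horse battery staple", a))
    print(check_password("wrong guess", a))
```

  Because the scheme name is stored with each record, older `sha256` records can be re-hashed under the iterated scheme the next time the user signs in successfully.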