Legal Statement

Copyrights
Copyrights on the documents on www.xifin.com are owned by XIFIN, Inc. or by individual contributors as specified therein.

Disclaimer
Any information available through this site: www.xifin.com, (including information accessed through a web site referenced or linked from this site), is provided for your information and convenience only.

XIFIN does not evaluate and does not guarantee the accuracy or completeness of any such information, and publication and distribution such information does not imply endorsement by XIFIN. XIFIN strives to protect control of this www.xifin.com, within the constraints of current Internet technology. However, you must be aware, it is possible that third parties may obtain unauthorized access to this www.xifin.com. You agree to use www.xifin.com and submit information at your own risk. You agree that XIFIN has no liability with respect to any unauthorized access by third parties.

INFORMATION ON WWW.XIFIN.COM IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU.

INFORMATION ON WWW.XIFIN.COM MAY INCLUDE TECHNICAL OR OTHER INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO WWW.XIFIN.COM WITHOUT NOTICE. XIFIN MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCTS DESCRIBED ON WWW.XIFIN.COM AT ANY TIME WITHOUT NOTICE.

XIFIN shall not be liable to any party for any direct, indirect, special or other consequential damages for any use of www.xifin.com website, or on any other hyperlinked web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system or otherwise, even if XIFIN is expressly advised of the possibility of such damages.

You should not rely upon the information provided on www.xifin.com to make commercial decisions. You should contact XIFIN directly to obtain current information related to XIFIN, including information regarding XIFIN products and services.

Trademarks
XIFIN is a registered trademark of XIFIN, Incorporated.

Certain other product names, brand names and company names mentioned in this site may be trademarks of their respective owners.

Contact Us
© 2002-5 XIFIN™ Inc. All rights reserved.

Privacy Statement

Your Privacy is important to us when you visit our web site.

Below is a description of the Privacy policies as they relate to our web site. While visiting this site, you have to opportunity to volunteer visitor and personal information, including e-mail addresses to answer the e-mail we receive. Such addresses are not shared with outside parties. Visitor information may also be collected automatically as you navigate through our site. We will not sell, share, or rent this information to others.

Cookies

A cookie is a piece of data stored on the user's hard drive containing information about the user. Usage of a cookie is in no way linked to any personally identifiable information while on our site. Once the user closes their browser, the cookie simply terminates. For instance, by setting a cookie on our site, the user would not have to log in a password more than once, thereby saving time while on our site. If a user rejects the cookie, they may still use our site.

XIFIN is committed to protecting your privacy when you visit www.xifin.com. This Privacy Statement explains what information XIFIN gathers from this web site, how XIFIN uses this information and how it is protected by XIFIN. If you have any questions, please contact XIFIN.

Information XIFIN Collects

If you request information from www.xifin.com through e-mail forms, XIFIN asks for and stores the business-related information you provide (such as name, e-mail, corporate profile and phone numbers.) to assist XIFIN in responding to your request. This information is used for business contact only. Sometimes XIFIN needs specific personal information to register before entering a limited-access portion of XIFIN. In those situations, you will be directed to another statement of privacy that explains data collection and use in those situations.

If you apply for a job at XIFIN, additional information about you may be requested. This information is used for employment consideration only. Unless you request otherwise, XIFIN keeps this information for future consideration.

How XIFIN Uses Information

A unique identifier for your computer (IP addresses) and other non-personal data elements (Cookies) are used to track your visit to XIFIN.

This information is used to administer the XIFIN web site. This information may also be used to gather broad demographic information, compile aggregate statistics about the number of visitors to XIFIN and other "site behavior" information.

Cookies

Cookies are used to identify which computer you are using (brand and processing type and speed, connection, etc.), assist in the navigation of the XIFIN web site and remembering computer settings. Cookies are not permanently maintained within our tracking system. You may prevent your computer from accepting cookies by modifying the properties on your web browser; however, stopping your computer from accepting cookies may limit your functionality on the XIFIN web site.

Cookies are also used to pre-fill forms so that you do not need to re-enter the data. Accepting a cookie does not give XIFIN access to your computer or any personal information about you.

Clear gifs

Web beacons, also known as clear gif technology or action tags, assist in delivering cookies. This technology tells XIFIN how many visitors clicked on key elements (such as links or graphics) on a XIFIN web page. XIFIN does not use this technology to access your personally identifiable information; it is a tool XIFIN may use to compile aggregated statistics to provide feedback to web designers, content providers or business managers to assist them in improving the XIFIN web site. XIFIN does not share tracking information with other unaffiliated companies, and XIFIN does not allow other companies to place clear gifs on XIFIN.

Opting out

XIFIN uses the contact information to provide you with the information you requested about XIFIN.

At www.xifin.com, you can register to received e-mails for information that interests you, such as the e-Newsletter. XIFIN only offers "opt-in" lists; that is, you may sign-up and sign-off at any time. To unsubscribe, simply reply to the e-mail address at the bottom of the e-mail sent to you.

Internet Links (other web sites)

This Privacy Statement applies only to www.XIFIN.com. As a convenience to you, the XIFIN web site contains links to other sites that may provide useful information. XIFIN has no control over the privacy policies or practices of these other sites, and is not responsible for the privacy practices or content of web sties to which XIFIN links, list, rank or identify by means of a search. XIFIN takes no responsibility for the products, services, policies or actions of third parties or the content of third party web sites. XIFIN encourages you to be aware when you are leaving the XIFIN site and to learn the privacy policies of each web site you visit before providing information.

Security

XIFIN has security measures in place intended to protect the loss, misuse and alteration of the information under the control of XIFIN. XIFIN takes the necessary steps to securely store personal information that is submitted via the www.xifin.com web site.

Changes

XIFIN reserves the right to change, modify, add or remove portions of this Privacy Statement at any time, but will alert you that changes have been made by indicating on the Privacy Statement the date it was last updated. When you visit this web site you are accepting the current version of this Privacy Statement as posted on the site at that time. XIFIN recommends that you re-visit this Privacy Statement on occasion to learn of any changes.

This Privacy Statement is not intended to and does not create any contractual or other legal rights in or on behalf of any party.

Last revised: December 1, 2004

Contact Us

XIFIN looks forward to communicating with you. Should you have questions or concerns about this Privacy Statement, please use the contact link below.

Contact Us
© 2002-05 XIFIN™ Inc. All rights reserved.

Client Tier

The client tier is browser based, supporting Internet Explorer 5+ and consisting primarily of JSP generated HTML and JavaScript. Browser-based client architecture was selected in order to provide XIFIN AR users with a "no-deployment" strategy, client hardware independence, and "zero-maintenance"solution.

JavaScript is used extensively to maximize data validation on the client in order to minimize network traffic and maximize client performance. For some pages that require a more interactive presentation, Java applets and RMI are used to communicate with the application server. Various HTML/JavaScript based wizards are also being developed to assist users in creating and updating various system components, such as contracts, payors, clients, and patients permanent records.

Presentation Tier

The presentation tier is responsible for providing the link between the Client and Business Logic tiers. This is the primary interface to access the XIFIN AR application. XIFIN uses JSP's and servlets to generate HTML for the client tier. JSP's are used to generate the dynamic HTML pages based on the actual data being presented. WebLogic may be configured to operate as the presentation or web server as well as integrate with any other standard server such Apache, Microsoft's Internet Information Server, and Netscape's Enterprise Server.

Servlets are primarily used to control client access to the various JSP and static HTML pages throughout XIFIN AR. They are also used to validate all client requests and to cache frequently used information and thereby decrease EJB and database accesses. As a result system performance is increased.

Business Logic Tier

The XIFIN AR business logic is being developed entirely in Java, utilizing Enterprise Java Beans (EJB) and servlets to host the many business rules. When transactional integrity is required, EJB's are used to meet this requirement.

As one of the benefits of using EJB's, XIFIN AR business objects have the flexibility to be easily configured and deployed on a single or multiple application servers, depending on the client's requirements. If multiple servers are used to implement the business logic tier, the system will support dynamic load balancing for increased performance and fault tolerance by automatically migrating all connections from a failed server to those servers still functioning.

Data Services Tier

The XIFIN AR data services tier supports all XA compliant databases, including all major database servers such as Oracle, SQL Server, DB2, and Informix. XIFIN has chosen Oracle as its preferred database because of its proven stability, superior performance, and exceptional manufacturer support.

The database design and creation is performed using Computer Associate's Erwin/ERX. Using such a database design tool allows XIFIN to implement the Data Services tier on any XA compliant database.

It is also important to note that the Business Logic tier performs all communications with the Data Services tier. This design feature guarantees data integrity and security.

Security

XIFIN AR is designed with the highest degree of security in mind. Using industry standard protocols and software, XIFIN AR may be configured as necessary for the environment in which it will reside. The four areas of security addressed are physical security, network communications security, user authentication and access control, and auditing.

The physical security of the servers is provided by the co-location facility at three levels: (1) Only authorized personnel are allowed access to the facility, (2) All authorized personnel are escorted at all times, and (3) all XIFIN hardware is secured within locked cages.

Network communications security is achieved using router packet filtering and monitored firewalls. All communications and user authentication is implemented using 128-bit SSL encryption.

Database security is controlled using Oracle security services. Only a single user ID is setup per client database with each ID having knowledge of and access to only its respective database schema. At the application level, database access can only be performed through a specific client database connection using the specific user ID assigned to that client. DBA access is strictly controlled and monitored by XIFIN's primary and backup system administrators.

Application security is controlled using WebLogic Security Services and the JAVA Security API. Access control lists (ACL) are assigned to all WebLogic objects including URL's, files, servlets, EJB's, and database connections. User groups are then assigned to specific ACL's. Finally, users are assigned to specific user groups. User and user group assignment control is performed by pre-authorized end user(s) via a security control screen.

Two types of auditing are performed within XIFIN AR: (1) ACL access is logged which provides an audit report as to which user accesses which resources and (2) data auditing is performed logging all record creation and deletions as well as field level modifications.

Finally, XIFIN has contracted external security consultants to perform auditing and regular security conformance checking.

Availability

In the Application Service Provider (ASP) framework, XIFIN has designed XIFIN AR with several redundancies, which will eliminate single points of failure to ensure high system availability.

First, we have a cross-connect to the Internet backbone via several Tier 1 providers. Should one of the Tier 1 Internet Service Providers (ISP) connections fail, we will route all of our messages over the remaining connections.

Next, our firewall connection to the Internet has a hot fail-over device that can be activated instantly if the primary firewall connection should go off-line.

Finally, XIFIN AR runs in a clustered hardware and software environment. This means that there are several Sun Servers with several WebLogic applications running to share the workload, and if either the hardware or software should fail the others will continue to process the workload.

Backup and Recovery

XIFIN performs several types of scheduled backups to ensure complete data recovery. In all cases, backup media is housed at specially constructed access and temperature controlled secure data-vault facilities.

Incremental system and hot database backups are performed on a daily basis. Daily backup media is stored on a four-week rotational basis.

Full system backups, which include a full database backup, are performed on Sunday evenings. Weekly backup media is stored for a period of 3 months.

Finally, full system backups are also performed as part of the end of month process. These end of month backup media are stored for a minimum of 7 years.

Conclusion

Our intent is to provide a "virtual" service bureau across the Internet. We are concentrating on providing a solution that offers interoperability with all potential systems to share data and eliminate redundant processes. We are designing the software using leading open standards that are platform neutral.

These standards and technologies allow a wide variety of different computer systems to communicate over a local network as well as globally over the Internet. Through the use of third party tools we leverage our ability to process transactions from any Java, COM, or CORBA capable system.

We feel that our product will give healthcare providers a competitive advantage in their finance and billing departments, and provide a level of flexibility not available in the market today. The product has been designed with maximum flexibility and consideration towards ever evolving compliance regulations.

Interface Engine

XIFIN chose SeeBeyond's E-Gate integration engine because it offers the best solution for applications requiring scalability and large transaction volumes.

The following is a description of E-Gate. More can be found about E-Gate and Seebeyond at their website.

Platform and Development Overview

Legal Statement

Privacy Statement

Cookies

Information XIFIN Collects

How XIFIN Uses Information

Internet Links (other web sites)

Security

Changes

Contact Us

Client Tier

Presentation Tier

Business Logic Tier

Data Services Tier

Security

Availability

Backup and Recovery

Conclusion

Interface Engine