Copyrights
Copyrights on the documents on www.xifin.com are owned by XIFIN, Inc. or by individual contributors
as specified therein.
Disclaimer
Any information available through this site: www.xifin.com, (including information accessed through
a web site referenced or linked from this site), is provided for your information and convenience only.
XIFIN does not evaluate and does not guarantee the accuracy or completeness of any
such information, and publication and distribution of such information does not imply endorsement by XIFIN.
XIFIN strives to protect control of www.xifin.com, within the constraints of current Internet
technology. However, you must be aware that it is possible that third parties may obtain unauthorized access
to www.xifin.com. You agree to use www.xifin.com and submit information at your own risk. You agree
that XIFIN has no liability with respect to any unauthorized access by third parties.
INFORMATION ON WWW.XIFIN.COM IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE OR NON-INFRINGEMENT. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED
WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU.
INFORMATION ON WWW.XIFIN.COM MAY INCLUDE TECHNICAL OR OTHER INACCURACIES OR
TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO WWW.XIFIN.COM WITHOUT NOTICE. XIFIN MAY MAKE
IMPROVEMENTS AND/OR CHANGES IN THE PRODUCTS DESCRIBED ON WWW.XIFIN.COM AT ANY TIME WITHOUT NOTICE.
XIFIN shall not be liable to any party for any direct, indirect, special or other
consequential damages for any use of the www.xifin.com website, or on any other hyperlinked web site,
including, without limitation, any lost profits, business interruption, loss of programs or other data on
your information handling system or otherwise, even if XIFIN is expressly advised of the possibility of
such damages.
You should not rely upon the information provided on www.xifin.com to make commercial
decisions. You should contact XIFIN directly to obtain current information related to XIFIN, including
information regarding XIFIN products and services.
Trademarks
XIFIN is a registered trademark of XIFIN, Incorporated.
Certain other product names, brand names and company names mentioned in this site may
be trademarks of their respective owners.
XIFIN is committed to protecting your privacy when you visit
www.xifin.com. This Privacy Statement explains what information XIFIN gathers from
this web site, how XIFIN uses this information and how it is protected by XIFIN.
If you have any questions, please contact XIFIN.
Information XIFIN collects
If you request information from www.xifin.com through e-mail
forms, XIFIN asks for and stores the business-related information you provide (such
as name, e-mail, corporate profile and phone numbers) to assist XIFIN in responding
to your request. This information is used for business contact only. Sometimes XIFIN
needs specific personal information to register before entering a limited-access
portion of XIFIN. In those situations, you will be directed to another statement of
privacy that explains data collection and use in those situations.
If you apply for a job at XIFIN, additional information about
you may be requested. This information is used for employment consideration only.
Unless you request otherwise, XIFIN keeps this information for future consideration.
How XIFIN uses information
A unique identifier for your computer (IP addresses) and other
non-personal data elements (Cookies) are used to track your visit to XIFIN.
This information is used to administer the XIFIN web site. This
information may also be used to gather broad demographic information, compile aggregate
statistics about the number of visitors to XIFIN and other "site behavior" information.
Cookies
Cookies are used to identify which computer you are using (brand and
processing type and speed, connection, etc.), assist in the navigation of the XIFIN web
site and remembering computer settings. Cookies are not permanently maintained within our
tracking system. You may prevent your computer from accepting cookies by modifying the
properties on your web browser; however, stopping your computer from accepting cookies
may limit your functionality on the XIFIN web site.
Cookies are also used to pre-fill forms so that you do not need to
re-enter the data. Accepting a cookie does not give XIFIN access to your computer or any
personal information about you.
Clear gifs
Web beacons, also known as clear gif technology or action tags, assist
in delivering cookies. This technology tells XIFIN how many visitors clicked on key elements
(such as links or graphics) on a XIFIN web page. XIFIN does not use this technology to
access your personally identifiable information; it is a tool XIFIN may use to compile
aggregated statistics to provide feedback to web designers, content providers or business
managers to assist them in improving the XIFIN web site. XIFIN does not share tracking
information with other unaffiliated companies, and XIFIN does not allow other companies to
place clear gifs on XIFIN.
Opting out
XIFIN uses the contact information to provide you with the information
you requested about XIFIN.
At www.xifin.com, you can register to receive e-mails for information
that interests you, such as the e-Newsletter. XIFIN only offers "opt-in" lists; that is, you
may sign-up and sign-off at any time. To unsubscribe, simply reply to the e-mail address at
the bottom of the e-mail sent to you.
Internet Links (other web sites)
This Privacy Statement applies only to www.XIFIN.com. As a convenience
to you, the XIFIN web site contains links to other sites that may provide useful information.
XIFIN has no control over the privacy policies or practices of these other sites, and is not
responsible for the privacy practices or content of web sites to which XIFIN links, or which it lists,
ranks or identifies by means of a search. XIFIN takes no responsibility for the products,
services, policies or actions of third parties or the content of third party web sites.
XIFIN encourages you to be aware when you are leaving the XIFIN site and to learn the privacy
policies of each web site you visit before providing information.
Security
XIFIN has security measures in place intended to protect against the loss, misuse
and alteration of the information under the control of XIFIN. XIFIN takes the necessary steps
to securely store personal information that is submitted via the www.xifin.com web site.
Changes
XIFIN reserves the right to change, modify, add or remove portions of
this Privacy Statement at any time, but will alert you that changes have been made by indicating
on the Privacy Statement the date it was last updated. When you visit this web site you are
accepting the current version of this Privacy Statement as posted on the site at that time.
XIFIN recommends that you re-visit this Privacy Statement on occasion to learn of any changes.
This Privacy Statement is not intended to and does not create any contractual or other legal
rights in or on behalf of any party.
Last revised: December 1, 2004
Contact Us
XIFIN looks forward to communicating with you. Should you have questions or
concerns about this Privacy Statement, please use the contact link below.
The client tier is browser based, supporting Internet Explorer 5+ and consisting primarily
of JSP generated HTML and JavaScript. Browser-based client architecture was selected in order to provide MARS
users with a "no-deployment" strategy, client hardware independence, and "zero-maintenance"
solution.
JavaScript is used extensively to maximize data validation on the client in order to
minimize network traffic and maximize client performance. For some pages that require a more interactive
presentation, Java applets and RMI are used to communicate with the application server. Various
HTML/JavaScript based wizards are also being developed to assist users in creating and updating various
system components, such as contracts, payors, clients and patients permanent records.
Presentation Tier
The presentation tier is responsible for providing the link between the Client and
Business Logic tiers. This is the primary interface to access the MARS application. XIFIN® uses JSPs and
servlets to generate HTML for the client tier. JSPs are used to generate the dynamic HTML pages based on
the actual data being presented. WebLogic may be configured to operate as the presentation or web server
as well as integrate with any other standard server such as Apache, Microsoft's Internet Information Server,
and Netscape's Enterprise Server.
Servlets are primarily used to control client access to the various JSP and static
HTML pages throughout MARS. They are also used to validate all client requests and to cache frequently
used information and thereby decrease EJB and database accesses. As a result, system performance is increased.
Business Logic Tier
The MARS business logic is being developed entirely in Java, utilizing Enterprise
Java Beans (EJB) and servlets to host the many business rules. When transactional integrity is required,
EJBs are used to meet this requirement.
As one of the benefits of using EJBs, MARS business objects have the flexibility to
be easily configured and deployed on a single or multiple application servers, depending on the client's
requirements. If multiple servers are used to implement the business logic tier, the system will support
dynamic load balancing for increased performance and fault tolerance by automatically migrating all
connections from a failed server to those servers still functioning.
Data Services Tier
The MARS data services tier supports all XA compliant databases, including all major
database servers such as Oracle, SQL Server, DB2, and Informix. XIFIN® has chosen Oracle as its preferred
database because of its proven stability, superior performance, and exceptional manufacturer support.
The database design and creation is performed using Computer Associates' ERwin/ERX.
Using such a database design tool allows XIFIN® to implement the Data Services tier on any XA compliant
database.
It is also important to note that the Business Logic tier performs all communications
with the Data Services tier. This design feature guarantees data integrity and security.
Security
MARS is designed with the highest degree of security in mind. Using industry standard
protocols and software, MARS may be configured as necessary for the environment in which it will reside.
The four areas of security addressed are physical security, network communications security, user
authentication and access control, and auditing.
The physical security of the servers is provided by the co-location facility at three
levels: (1) Only authorized personnel are allowed access to the facility, (2) All authorized personnel are
escorted at all times, and (3) all XIFIN® hardware is secured within locked cages.
Network communications security is achieved using router packet filtering and monitored
firewalls. All communications and user authentication are implemented using 128-bit SSL encryption.
Database security is controlled using Oracle security services. Only a single user ID is
configured per client database with each ID having knowledge of and access to only its respective database
schema. At the application level, database access can only be performed through a specific client database
connection using the specific user ID assigned to that client. DBA access is strictly controlled and monitored
by XIFIN's primary and backup system administrators.
Application security is controlled using WebLogic Security Services and the Java Security
API. Access control lists (ACLs) are assigned to all WebLogic objects including URLs, files, servlets, EJBs,
and database connections. User groups are then assigned to specific ACLs. Finally, users are assigned to
specific user groups. User and user group assignment control is performed by pre-authorized end user(s) via a
security control screen.
Two types of auditing are performed within MARS: (1) ACL access is logged, which provides
an audit report as to which user accesses which resources, and (2) data auditing is performed, logging all record
creations and deletions as well as field-level modifications.
Finally, XIFIN® has contracted external security consultants to perform auditing and regular
security conformance checking.
Availability
In the Application Service Provider (ASP) framework, XIFIN® has designed MARS with several
redundancies, which will eliminate single points of failure to ensure high system availability.
First, we have a cross-connect to the Internet backbone via several Tier 1 providers. Should
one of the Tier 1 Internet Service Providers (ISP) connections fail, we will route all of our messages over the
remaining connections.
Next, our firewall connection to the Internet will have a hot fail-over device that can be
activated instantly if the primary firewall connection should go off-line.
Finally, MARS runs in a clustered hardware and software environment. This means that there
are several Sun Servers with several WebLogic applications running to share the workload, and if either the
hardware or software should fail the others will continue to process the workload.
Backup and Recovery
XIFIN® performs several types of scheduled backups to ensure complete data recovery.
In all cases, backup media is housed at specially constructed access and temperature controlled secure data-vault
facilities.
Incremental system and hot database backups are performed on a daily basis. Daily backup
media is stored on a four-week rotational basis.
Full system backups, which include a full database backup, are performed on Sunday evenings.
Weekly backup media is stored for a period of 3 months.
Finally, full system backups are also performed as part of the end of month process. These
end-of-month backup media are stored for a minimum of 7 years.
Conclusion
Our intent is to provide a "virtual" service bureau across the Internet. We are
concentrating on providing a solution that offers interoperability with all potential systems to share
data and eliminate redundant processes. We are designing the software using leading open standards
that are platform neutral.
These standards and technologies allow a wide variety of different computer systems to
communicate over a local network as well as globally over the Internet. Through the use of third party tools
we leverage our ability to process transactions from any Java, COM, or CORBA capable system.
We feel that our product will give healthcare providers a competitive advantage in their
finance and billing departments, and provide a level of flexibility not available in the market today. The
product has been designed with maximum flexibility and consideration towards ever evolving compliance
regulations.