FormFox is a web-based software application utilized by drug testing collection sites and on-site collectors for managing the specimen collection process and associated record keeping, administrative and management tasks. Of the many ways FormFox enhances the specimen collection process there are two key improvements over the traditional paper form process. First, FormFox provides a mandatory procedural template that guides the collector step-by-step and validates entry and suitability of required data. Second, FormFox generates an accurate and complete Custody and Control Form (CCF) that can be distributed in either an electronic or paper format, ensuring downstream parties such as the laboratory and Medical Review Officer can complete the drug test in a defensible and timely manner.
FormFox is a “restricted open” electronic CCF system, meaning it is capable of handling specimen collection and testing events on behalf of many different laboratories and service agents, provided they are registered FormFox partners. FormFox is most widely used by providers that collect specimens for more than one laboratory or service provider, such as an occupational health clinic. FormFox can also be “private labeled” for exclusive-use environments, such as laboratory-owned patient service centers. FormFox was developed by Compliance Information Systems, Inc. (CIS), a leading provider of data management solutions in the drug testing industry since 1993. CIS provides all ongoing development, support, and hosting of the FormFox application.
FormFox handles a wide variety of specimen collection procedures:
- Laboratory-based urine specimens.
- Laboratory-based hair specimens.
- Laboratory-based oral fluid specimens.
- Laboratory-based blood specimens.
- Instant (POCT) tests using urine specimens.
For all of the above, FormFox guides the collector through the appropriate specimen collection procedure and generates a custody and control form (CCF) in accordance with account-specific information provided by the testing laboratory. Client instructions include the laboratory account number, type of specimen, and any associated client demographic information required for the collector to perform the procedure and generate a valid CCF. FormFox can generate both electronic and paper CCFs, according to the needs of the participating laboratory, MRO, donor, and employer.
FormFox can also accept and disseminate donor and test demographic information. This allows employers and service providers to “order” specimen collection services from FormFox-enabled facilities, which greatly reduces data entry and procedural errors at the collection site. It also facilitates more accurate data management and event tracking for laboratories and MROs by eliminating errors inherent with manual data entry.
Back to Top
FormFox Security Considerations
Data security is a predominant concern for any viable electronic CCF application environment, and FormFox adheres to the most stringent security standards and best practices for information technology systems.
The use of computing devices at the collection site has prompted concerns regarding the security of the data being gathered and the liabilities that may be put upon the collection site owners as they utilize these computing resources.
The architecture of the FormFox system minimizes the security concerns from system access vulnerability to the methods of passing data during the collection process. Application security as well as system security concerns will be explained in this document.
Back to Top
Any access into the FormFox system requires username and password authentication. Authentication occurs on the web server. There is no local tablet or desktop app processing. The tablet app is essentially a browser instance on the tablet device. Interfaces with the tablet camera and signature capabilities are handled by the FormFox app. Data from these devices are streamed to the server. All other FormFox processing occurs on the web server.
FormFox has the following requirements for user passwords in the system:
- Minimum of 8 Characters in length.
- Contain at least 1 letter and 1 number.
- Cannot be the same as your last password.
- Cannot be the same as your username.
FormFox also makes use of a security Question and answer that are associated with the user login. When a user wants to change or reset the password on their account they must first answer the security question correctly before they are allowed to make the change.
FormFox logs all user authentication activity in the system audit which allows site admin users the ability to review login and login attempts.
Passwords in FormFox expire after 90 days and must be changed by the user or site administrator.
Passwords are stored in the FormFox database in an encrypted format.
Users’ permissions are assigned to specifically reflect that user’s role in the collection process and can be restricted by test type and administrative duties.
All user actions in the collection process and changes to user permissions are permanently logged and auditable.
Back to Top
Web Based Transactions
The FormFox system architecture is based up the web model of Server – Client communications. FormFox is a Web based application that uses 128 bit Secure Socket Layer (SSL) encryption for passing sensitive data from the Web Browser application on the local computing device to the FormFox Web Server. All data is encrypted at every step of the process both in storage and in transmission.
Back to Top
Many web browsers offer an “Auto Complete” feature that allows the browser to save information locally on the browser such as passwords so that the user doesn’t need to re-enter the password when they want to login to a particular web site. The FormFox web site disables this feature and requires the user to always enter their password for authentication purposes.
Some web sites will also store cookies on the local computing device to “remember” information entered during the browser session on that site. FormFox does not utilize cookies for any functions on the web site.
Back to Top
Image and Document Data
FormFox requires the collector and donor to sign their respective affidavits with a digitized signature capture device. Digitized signatures are considered image data. The digitized signature image data that is acquired in FormFox with tablet applications or desktop signature-capture peripherals are written so that the data is streamed directly to the web server and there is never a copy of the image stored on the collector’s computing device. The electronically-captured signature is embedded in an encrypted chain of custody document and there is no image file of the signature itself. This encrypted document is stored on the secure servers. If the collection site’s computer device were to be misplaced or stolen, there would be no Personal Identifying Information (PII) at risk.
FormFox generates five (5) distinct encrypted documents for each Federal collection event:
- COPY 1: Laboratory Copy.
- COPY 2: MRO Copy.
- COPY 3: Collector Copy.
- COPY 4: Employer Copy.
- COPY 5: Employee Copy.
Each of these encrypted PDFs is indexed to the unique FormFox transaction ID number and the unique FormFox Specimen ID obtained from the security seals used for the collection event. All Copies are rendered at the time of the collection event and cannot be changed or altered. COPY 2 of the CCF is automatically transmitted to the designated MRO via web service, secure web site access, or secure fax.
The Employer Copy can be transmitted in the same fashion or printed by the collection site for physical delivery to the employer.
FormFox provides the donor the option of receiving the Employee Copy via secure email, SMS, or printed copy at the time of collection. All copies of the FormFox CCF are stored for 7 years in the FormFox database and can be retrieved by those authorized to do so (labs, MROs, collectors, employers, and employees). All FormFox documents are stored as encrypted PDFs and access control is governed as described in this document.
Back to Top
As part of periodic security reviews FormFox is subject to penetration testing to analyze vulnerabilities and prevent malicious attempts to access the FormFox web Site. This testing is conducted both by CIS and by outside entities that conduct testing and security audits without CIS’s prior knowledge and provides feedback to CIS concerning the results of these tests and audits.
Back to Top
Release Process and Patch Management
FormFox is updated regularly to ensure proper functionality, provide enhancements to the collection process and address potential security risks. Programmatic work is done in a development environment at CIS that is subjected to multiple rounds of both manual and automated testing before being updated to the production site and apps. This testing encompasses both functional aspects of FormFox and analyzes potential security risks before any programmatic changes are made live. Between full releases patches may be implemented to immediately address any functional problems or security vulnerabilities.
Back to Top
The computing devices that will be using FormFox are accessing the internet through the collection site’s internal network. Network security policy is based upon the owner’s network security policy.
The credentials used to access the computing device as well as web site access permissions are determined by the owner of the network and are managed by that owner’s system administration staff. The network owner is responsible for network and device security. CIS can assist network and device owners and operators in assessing the suitability of their organization’s security.
Back to Top
Physical Security and Hosting Environment
FormFox’s primary hosting facility is a secure data center owned and operated by CIS that adheres to strict SSAE 16 Type II guidelines and subject to AIPCA/SOC security audits.
These controls include, but are not limited to:
- Perimeter fencing with secure and audited entry points.
- Audited biometric access to data center.
- Strict vetting of all employees and visitors to the facility.
- 24-hour video surveillance.
- On-site security personnel and systems monitoring 24 hours per day, 365 days per year.
- Automatic emergency power generation.
- Continuous cooling.
- Lightning protection.
There is a contracted disaster-recovery co-location site that adheres to the same stringent standards.
Back to Top