CJIS Compliant
Meeting FBI Criminal Justice Information Services standards
Eclipse EMR is fully compliant with the FBI's Criminal Justice Information Services (CJIS) Security Policy, ensuring the protection of Criminal Justice Information (CJI) within correctional healthcare environments.
About CJIS Compliance
The Criminal Justice Information Services (CJIS) Security Policy is a comprehensive set of security requirements established by the FBI for any organization that accesses, processes, stores, or transmits Criminal Justice Information (CJI). As a provider of EMR services to correctional facilities, Eclipse EMR adheres to these rigorous standards to protect sensitive criminal justice data.
Policy Areas We Address
Information Exchange Agreements
We maintain formal agreements with all entities that access or exchange CJI through our platform, ensuring proper handling and protection requirements are understood and enforced.
Security Awareness Training
All Eclipse EMR personnel with access to CJI complete comprehensive security awareness training, including initial certification and ongoing refresher training.
Incident Response
We maintain a documented incident response plan that includes procedures for detecting, analyzing, containing, eradicating, and recovering from security incidents involving CJI.
Auditing & Accountability
Comprehensive audit logging captures all access to CJI, including user identification, event type, date/time, and success/failure indicators.
Access Control
Role-based access controls ensure that users can only access CJI necessary for their job functions, with multi-factor authentication required for all CJI access.
Personnel Security
All personnel with unescorted access to CJI undergo fingerprint-based background checks and are subject to ongoing suitability determinations.
Systems & Communications Protection
All CJI in transit is encrypted using FIPS 140-2 validated cryptographic modules. Our systems include boundary protection, intrusion detection, and secure network architecture.
Authentication Requirements
In accordance with CJIS requirements, Eclipse EMR implements Advanced Authentication (AA) for all access to CJI:
- Multi-factor authentication combining something you know, something you have, or something you are
- Session timeout after 30 minutes of inactivity
- Account lockout after 5 consecutive failed login attempts
- Strong password requirements with regular rotation
- Unique user identification for audit trail purposes
Encryption Standards
All CJI processed by Eclipse EMR is protected using encryption that meets or exceeds CJIS requirements:
Data at Rest
AES-256 encryption for all stored CJI using FIPS 140-2 validated modules
Data in Transit
TLS 1.2 or higher for all data transmission with certificate validation
Physical Security
Our data centers and facilities that process CJI are protected by multiple layers of physical security including 24/7 surveillance, biometric access controls, mantrap entries, security personnel, and visitor logging. All physical security measures comply with CJIS physical protection requirements.
Media Protection
We maintain strict controls over all media containing CJI, including secure storage, tracking, sanitization before reuse, and destruction procedures that meet NIST SP 800-88 guidelines.
Compliance Verification
Eclipse EMR undergoes regular security assessments and audits to verify ongoing compliance with the CJIS Security Policy. We welcome audits by customer agencies and state CJIS Systems Officers (CSOs) to verify our compliance posture.
Contact Our Security Team
For questions about our CJIS compliance program or to request security documentation, please contact:
Eclipse EMR Security & Compliance Team
Email: sales@eclipsemr.com
Phone: +1 800-442-5441
Address: 2058 Classique Ln, Tavares, FL 32778, United States