Our Technology

LithoTrac is built on a modern, secure, and reliable technology stack designed to keep your clinical data safe and accessible from anywhere.

Cloud-Hosted Platform

Securely hosted in a Tier-1 U.S. data center with 24/7 monitoring, redundant power, and enterprise-grade network infrastructure.

End-to-End Encryption

All data is transmitted over SSL/TLS. Role-based access control ensures each user sees only the data they are authorized to access.

Continuous Evolution

Originally developed in 1995, LithoTrac has been continuously refined based on direct customer feedback to meet the evolving needs of lithotripsy professionals.

Infrastructure & Security FAQ

LithoTrac is a web-based application built on the Microsoft .NET platform with a SQL Server database backend. It is accessible from any modern browser with no client software to install or maintain.

LithoTrac is hosted in a professionally managed U.S.-based data center equipped with multi-layer physical security, biometric access controls, redundant power and cooling systems, and 24/7 network monitoring by dedicated engineering staff.

The facility includes intrusion detection and prevention systems, fire and smoke detection, water leak detection, uninterruptible power supplies (UPS), and backup generators. No unauthorized devices can be connected to the network without explicit approval.

No. Direct database access via ODBC, Microsoft Access, Excel, or any other external application is not permitted. All data access is mediated exclusively through the authenticated LithoTrac web interface.

Application Security

Every user authenticates with a unique email and password. Access is scoped to a specific partnership or site, ensuring strict data isolation between organizations. There is no cross-tenant data visibility.

Yes. All communication between your browser and LithoTrac is encrypted using industry-standard SSL/TLS protocols.

LithoTrac enforces strong password policies: minimum 8 characters, at least one number, and at least one special character. Passwords expire on a configurable schedule (30, 60, or 90 days), and users are prompted to create a new password upon expiration.

User provisioning is tightly controlled. Only designated primary and secondary contacts at each organization can authorize adding, modifying, or deactivating user accounts. All requests require written authorization. Employee accounts can be immediately deactivated upon suspension or termination.

Read more about our HIPAA compliance practices, or see the full feature list.