MTI has modeled its security process against the HIPAA standard. In addition to the physical security that protects computers and databases, we have a variety of protocols in place such as: requiring workstations to become password locked after five minutes of inactivity; limiting logical access to database systems to the appropriate personnel; limiting access to certain database systems to certain physical workstations; requiring all personnel to be familiar with the security rules at MTI; recurring training of personnel on security rules; discouraging the use of paper printouts of client data containing any personal information and requiring the shredding of any printouts that do contain data of a personal nature. Additionally, as a matter of policy, MTI will release client information to a third party only when required by law.