Security
- In Production Functionality - We already support patient APIs, developer documentation & support, API logging, and member consent workflow for access to clinical EHR data in production, being used by 650+ companies.
- Business Continuity - All data is stored and backed up in multiple data stores as well as via standard AWS tools for backup and recovery.
- Logging and Monitoring - Logs are stored in multiple places, with info, warning, and error logs persisted.
- Based on Proven Technology - We leverage modern cloud best practices to harness the full power of each AWS service.
- No Security Breaches - Our HIPAA-compliant, SOC 2-audited platform has had no security breaches. We were the only winner of the security (hacking) phase of the HHS Secure FHIR Server Challenge.
- Role Based Security Access - Auditing and RBAC are provided to manage deployments; we control these rights based on the cloud platform's built-in roles and accounts.
- Security Testing & Tools - Automated penetration tests run against our infrastructure in production. Bug bounty programs are in place for white hat hackers. Multiple code scan tools detect vulnerabilities.
- SOC2 Type 2
- HIPAA
- Red Flag Rule
- PCI-DSS
- NYS Breach
- Framework for Critical Infrastructure for Cybersecurity
- HIPAA / Cybersecurity Awareness Employee training
- Governance, Risk, Compliance (GRC) Program
Last modified 2yr ago