Links
Comment on page

Security

MULTIPLE LIVE FEATURES FOR BUSINESS AS USUAL

  • In Production Functionality - We already support patient APIs, developer documentation & support, API logging, and member consent workflow for access to clinical EHR data in production, being used by 650+ companies.
  • Business Continuity - All data is stored and backed up in multiple data stores as well as via standard AWS tools for backup and recovery.
  • Logging and Monitoring - Logs are stored in multiple places with both info, warning, and error logs persisted.
  • Based on Proven Technology - We leverage modern cloud best practices to harness the full power each AWS service.

TRIED & TESTED SECURITY + AUTHORIZED ACCESS

  • No Security Breaches - Our HIPAA compliant, SOC 2 audited platform has had no security breaches. We were the only winner of the security (hacking) phase of the HHS Secure FHIR Server Challenge.
  • Role Based Security Access - Auditing and RBAC are provided to manage deployments; we control these rights based on the cloud platform's built in roles and accounts.
  • Security Testing & Tools - Automated penetration tests run against our infrastructure in production. Bug bounty programs are in place for white hat hackers. Multiple code scan tools detect vulnerabilities.

World Class HealthTech Compliance

  • SOC2 Type 2
  • HIPAA
  • Red Flag Rule
  • PCI-DSS
  • NYS Breach
  • Framework for Critical Infrastructure for Cybersecurity
  • HIPAA / Cybersecurity Awareness Employee training
  • Governance, Risk, Compliance (GRC) Program