Security

MULTIPLE LIVE FEATURES FOR BUSINESS AS USUAL

  • In Production Functionality - We already support patient APIs, developer documentation & support, API logging, and member consent workflow for access to clinical EHR data in production, being used by 650+ companies.

  • Business Continuity - All data is stored and backed up in multiple data stores as well as via standard AWS tools for backup and recovery.

  • Logging and Monitoring - Logs are stored in multiple places, with info, warning, and error logs persisted.

  • Based on Proven Technology - We leverage modern cloud best practices to harness the full power of each AWS service.

TRIED & TESTED SECURITY + AUTHORIZED ACCESS

  • No Security Breaches - Our HIPAA compliant, SOC 2 audited platform has had no security breaches. We were the only winner of the security (hacking) phase of the HHS Secure FHIR Server Challenge.

  • Role Based Security Access - Auditing and RBAC are provided to manage deployments; we control these rights based on the cloud platform's built-in roles and accounts.

  • Security Testing & Tools - Automated penetration tests run against our infrastructure in production. Bug bounty programs are in place for white hat hackers. Multiple code scan tools detect vulnerabilities.

World Class HealthTech Compliance

  • SOC2 Type 2

  • HIPAA

  • Red Flag Rule

  • PCI-DSS

  • NYS Breach

  • Framework for Critical Infrastructure for Cybersecurity

  • HIPAA / Cybersecurity Awareness Employee training

  • Governance, Risk, Compliance (GRC) Program