In Production Functionality - We already support patient APIs, developer documentation & support, API logging, and member consent workflow for access to clinical EHR data in production, being used by 650+ companies.
Business Continuity - All data is stored and backed up in multiple data stores as well as via standard AWS tools for backup and recovery.
Logging and Monitoring - Logs are stored in multiple places, with info, warning, and error logs persisted.
Based on Proven Technology - We leverage modern cloud best practices to harness the full power of each AWS service.
No Security Breaches - Our HIPAA-compliant, SOC 2-audited platform has had no security breaches. We were the only winner of the security (hacking) phase of the HHS Secure FHIR Server Challenge.
Role Based Security Access - Auditing and RBAC are provided to manage deployments; we control these rights based on the cloud platform's built-in roles and accounts.
Security Testing & Tools - Automated penetration tests run against our infrastructure in production. Bug bounty programs are in place for white hat hackers. Multiple code scan tools detect vulnerabilities.
SOC 2 Type 2
HIPAA
Red Flag Rule
PCI-DSS
NYS Breach
Framework for Critical Infrastructure for Cybersecurity
HIPAA / Cybersecurity Awareness Employee training
Governance, Risk, Compliance (GRC) Program