Security

MULTIPLE LIVE FEATURES FOR BUSINESS AS USUAL

    In Production Functionality - We already support patient APIs, developer documentation & support, API logging, and member consent workflow for access to clinical EHR data in production, being used by 650+ companies.
    Business Continuity - All data is stored and backed up in multiple data stores as well as via standard AWS tools for backup and recovery.
    Logging and Monitoring - Logs are stored in multiple places with both info, warning, and error logs persisted.
    Based on Proven Technology - We leverage modern cloud best practices to harness the full power each AWS service.

TRIED & TESTED SECURITY + AUTHORIZED ACCESS

    No Security Breaches - Our HIPAA compliant, SOC 2 audited platform has had no security breaches. We were the only winner of the security (hacking) phase of the HHS Secure FHIR Server Challenge.
    Role Based Security Access - Auditing and RBAC are provided to manage deployments; we control these rights based on the cloud platform's built in roles and accounts.
    Security Testing & Tools - Automated penetration tests run against our infrastructure in production. Bug bounty programs are in place for white hat hackers. Multiple code scan tools detect vulnerabilities.

World Class HealthTech Compliance

    SOC2 Type 2
    HIPAA
    Red Flag Rule
    PCI-DSS
    NYS Breach
    Framework for Critical Infrastructure for Cybersecurity
    HIPAA / Cybersecurity Awareness Employee training
    Governance, Risk, Compliance (GRC) Program
Last modified 8mo ago