Discover how 1upHealth keeps your health information safe, confidential and secure
World Class Standards
1upHealth prides itself on having excellent standards
From compliance to cybersecurity certifications, we follow best practices and ensure information is always secure.
All personal health information is protected through encryption on our cloud-based infrastructure.
We are a SOC 2 Type 2 audited company. Our information security policies follow the AICPA’s Trust Services Principles of security and privacy.
We use OAuth 2.0 authentication standards to delegate authorization decisions across our network of web applications and APIs.
We follow common standards, including the Red Flags Rule, the Payment Card Industry Data Security Standard (PCI-DSS), and NIST’s voluntary Cybersecurity Framework.
Security is our top priority
AWS Cloud Serverless platform
Our platform hosts and stores data in compliance with HIPAA guidelines and enables malicious software detection capabilities. It also offers AWS CloudTrail, which allows for powerful auditing and logging of all activity.
Operational security
Our staff goes through HIPAA and Cybersecurity Awareness Employee training before gaining access to industry information. All employees learn to comply with our company Information Security Policy.
End-to-end encryption
All data is encrypted at rest and in transit with AES-256 ciphers and TLS 1.2 (or higher). The data is stored and transferred securely.
Business continuity
All data in all environments is stored and backed up in multiple data stores and replicated across multiple availability zones to allow for backup and recovery. This is done via standard AWS tools.
Role-based Access Control (RBAC)
Our system is restricted and only authorized users can obtain access. We automatically audit the access policies to make sure that accounts only have access to information they are authorized for.
Secure Software Development Lifecycle
Our engineering process involves secure coding practices at all levels of development, from planning to post-production. Security reviews are done at all levels using an iterative process.
Quarterly Security Testing & Tools
We regularly test the security and accuracy of our web applications and APIs to confirm best practice and optimal functionality.
Risk and Incident Management
We have had no security breaches to date. We make the necessary changes to mitigate any vulnerabilities, as per our Disaster Recovery Policy. We also track and resolve bug reports using GitHub.
Last Updated: July 12, 2021.