Yes! We take your data security very seriously. Here are the specifics on how we protect your data:
PHI data is always encrypted when it is transmitted over the Internet.
a. Transmitted over HTTPS
b. SSL v2 and SSL v3 are not supported
c. TLS 1.0+
All user connections to the database are authenticated via x.509 client certificates. Keys are tracked, secured and rotated.
PHI data is only accessible by authorized personnel using unique, audited access controls.
All security changes and CRUD operations are audited. Audit logs are retained for 6 years and stored in a secure remote location.
All PHI data at rest is encrypted using the industry-standard AES algorithm.
All PHI data is backed up in snapshots and stored in a secure remote location on the following schedule:
Every 6 hours, retained for 2 days
Daily, retained for 7 days
Weekly, retained for 4 weeks
Monthly, retained for 13 months
Restoring data requires a two-factor authentication process. To restore data a user must provide their password, as well as a second time-sensitive verification code, delivered during authentication (via voice or text).
7. Hosting Provider
© 2015-2018 SLP Toolkit