Is my data secure? | slptoolkit

Is my data secure?

Yes! We take your data security very seriously. Here are the specifics on how we protect your data:

1. Transmission
 
PHI data is always encrypted when it is transmitted over the Internet.
 
a. Transmitted over HTTPS
b. SSL v2 and SSL v3 are not supported
c. TLS 1.0+
d. Ciphers are restricted to ONLY those in NIST 800-52, located here: https://www.hhs.gov/hipaa/for-professionals/breach-notification/guidance/index.html
 
 
 
2. Authentication
 
All user connections to the database are authenticated via X.509 client certificates. Keys are tracked, secured and rotated.
 
 
3. Authorization
 
PHI data is only accessible by authorized personnel using unique, audited access controls. 
 
 
4. Auditing
 
All security changes and CRUD operations are audited. Audit logs are retained for 6 years and stored in a secure remote location.
 
 
5. Encryption
 
All PHI data at rest is encrypted using the industry-standard AES algorithm. 
 
 
6. Backups
 
All PHI data is backed up in snapshots and stored in a secure remote location on the following schedule:
 
Every 6 hours, retained for 2 days
Daily, retained for 7 days
Weekly, retained for 4 weeks
Monthly, retained for 13 months
 
Restoring data requires a two-factor authentication process. To restore data, a user must provide their password as well as a second, time-sensitive verification code delivered during authentication (via voice or text).
 
 
7. Hosting Provider
 
Database and application services are hosted using Joyent’s high-performance cloud. For more information: https://www.joyent.com/networking-and-security/security-compliance.
 
For more information, refer to our Terms of Use and Privacy Policy documents.

© 2015-2017 SLP Toolkit