Security and Compliance Overview
This KB article provides guidance related to the InfraWare 360 healthcare documentation platform’s security and compliance practices. The platform is a collection of user applications that communicate with a set of web services and a core database.
The primary exposure of Internet-enable applications is to data in transit. All communication between InfraWare apps and web services (servers) is secured using HTTPS with SHA-256 Encryption. This very strong encryption ensures that, even if a third party were to intercept communication, the content they collect would be indecipherable for all practical purposes.
The next most concerning exposure for Internet hosted platforms would be the datacenter where servers and associate data are stored and processed.
InfraWare relies primarily on the Expedient datacenter infrastructure. These sites are protected by Juniper firewalls and web server load balancers. In addition:
1. Engineers are on-site 24 hours per day, 7 days per week, 365 days per year.
2. Performance and traffic of data centers and Internet uplinks are monitored.
3. Predictive monitoring identifies problems before service is impacted
4. Physical security includes a single point of entry and exit and a man trap with key-card and bio-metric hand scanner.
5. The data center honors a variety of industry and government mandates including HIPAA, PCI DSS and SOX, supported by third-party SSAE 16/SOC attestation reports.
Server operating systems, applications and policies are systematically updated to address the latest security threats.
To ensure reliable uptime InfraWare contracts with third party experts to monitor and report platform availability. To ensure effective ongoing security a separate third party vendor performs and reports on penetration tests.
InfraWare maintains an active, ongoing HIPAA compliance program that includes documentation, logging and recurrent HIPAA compliance training for the entire workforce.
Geofiltering is in place at the data center to block traffic to/from Russia, N. Korea, and China.