KB877 Print this KB      
How is the InfraWare 360 platform secure?

Answer / Solution

Security and Compliance Overview

This KB article provides guidance related to the InfraWare 360 healthcare documentation platform’s security and compliance practices.  The platform is a collection of user applications that communicate with a set of web services and a core database.

Communication

The primary exposure of Internet-enable applications is to data in transit.  All communication between InfraWare apps and web services (servers) is secured using HTTPS with SHA-256 Encryption.  This very strong encryption ensures that, even if a third party were to intercept communication, the content they collect would be indecipherable for all practical purposes.

Datacenter

The next most concerning exposure for Internet hosted platforms would be the datacenter where servers and associate data are stored and processed.

InfraWare relies primarily on the Expedient datacenter infrastructure.  These sites are protected by Juniper firewalls and web server load balancers.  In addition:

1.    Engineers are on-site 24 hours per day, 7 days per week, 365 days per year.
2.    Performance and traffic of data centers and Internet uplinks are monitored.
3.    Predictive monitoring identifies problems before service is impacted
4.    Physical security includes a single point of entry and exit and a man trap with key-card and bio-metric hand scanner.
5.    The data center honors a variety of industry and government mandates including HIPAA, PCI DSS and SOX, supported by third-party SSAE 16/SOC attestation reports.

Server operating systems, applications and policies are systematically updated to address the latest security threats.

To ensure reliable uptime InfraWare contracts with third party experts to monitor and report platform availability.  To ensure effective ongoing security a separate third party vendor performs and reports on penetration tests.

Process

InfraWare maintains an active, ongoing HIPAA compliance program that includes documentation, logging and recurrent HIPAA compliance training for the entire workforce.

Geofiltering

Geofiltering is in place at the data center to block traffic to/from Russia, N. Korea, and China.


Attachments
InfraWare Security & Compliance Overview.pdf (84.2Kb)

Related KBs
Are InfraWare Dictation and InfraWare Dictation for iOS secure and HIPAA Compliant?
InfraWare Mobile for iOS Security
Is InfraWare Dictation for Android secure and HIPAA compliant?
InfraWare Mobile for Android Security

Direct Link to This KB
https://www.infraware.com/KB/?f=877

Last Updated
Wednesday, May 2, 2018

Tags
security compliance HIPAA KB877
How would you rate this article?

Poor
1
2
3
4
5

Great
Submit

Back to Top