We built Oathtrack on our HIPAA-compliant platform.
The three components of a secure cloud software platform:
— Computing Infrastructure
— Application Design
— Best Practices
We have implemented the recommendations of the National Institute of Standards and Technology (NIST) and the Federal Information Processing Standards (FIPS), so our data is encrypted at rest using AES encryption with 256-bit keys.
We use three encryption algorithms, RSA, DSA, and ECC, within the same SSL certificate. We frequently refresh our SSL security certificates and run vulnerability assessments and daily website malware scans to help protect our site from hackers.
Transmitted data and PHI are encrypted in transit with strong TLS 1.2, using AES_256_CBC for encryption, SHA256 with 2048-bit RSA for message authentication, and ECDHE_RSA as the key exchange mechanism.
SSH access to application environments is configured per the Center for Internet Security (CIS) benchmark recommendations.
Network traffic can be restricted to specific whitelisted IP addresses or VPN connections on a per-environment basis.
Intrusion attempts are automatically identified and blocked on a per-IP-address basis for a significant duration of time, mitigating SSH dictionary attacks and other malicious behavior.
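The per-IP blocking described above works by counting failed logins from each source address inside a short time window and banning the address for a much longer period once a threshold is crossed. The following is an added illustration, not Oathtrack's own code: it parses constructed sshd log lines in OpenSSH auth.log syntax (the addresses, hostname, threshold, window and ban duration are all assumptions), keeps a sliding window of failures per address, and returns the set of addresses to block and until when. Lines from an address that is already blocked are skipped, since the firewall would have dropped that traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Syslog timestamps carry no year; this constructed example assumes one.
ASSUMED_YEAR = 2024

# Matches OpenSSH "Failed password" lines, with or without "invalid user".
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
Mar  3 10:15:01 app1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:03 app1 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  3 10:15:05 app1 sshd[2103]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar  3 10:15:06 app1 sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 51255 ssh2
Mar  3 10:15:08 app1 sshd[2105]: Failed password for invalid user oracle from 203.0.113.7 port 51260 ssh2
Mar  3 10:15:09 app1 sshd[2106]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2: ED25519 SHA256:constructed
Mar  3 10:16:00 app1 sshd[2107]: Failed password for root from 203.0.113.7 port 51300 ssh2
Mar  3 10:20:00 app1 sshd[2108]: Failed password for deploy from 198.51.100.20 port 40010 ssh2
Mar  3 10:40:00 app1 sshd[2109]: Failed password for deploy from 198.51.100.20 port 40011 ssh2
"""


def parse_failures(lines):
    """Yield (timestamp, user, ip) for each failed-password line; ignore everything else."""
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
        yield ts, m["user"], m["ip"]


def plan_blocks(lines, threshold=5, window=timedelta(minutes=10), ban_for=timedelta(hours=1)):
    """Return {ip: ban_until} for every address reaching `threshold` failures within `window`.

    A short window catches dictionary attacks; the long `ban_for` is the
    "significant duration" that makes the remaining guesses too slow to matter.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    banned = {}                   # ip -> datetime until which the address stays blocked
    for ts, _user, ip in parse_failures(lines):
        if ip in banned and ts < banned[ip]:
            continue              # already blocked; the firewall drops this traffic
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures that have aged out of the window
        if len(q) >= threshold:
            banned[ip] = ts + ban_for
            q.clear()             # start counting afresh once the ban expires
    return banned


if __name__ == "__main__":
    for ip, until in plan_blocks(SAMPLE_LOG.splitlines()).items():
        print(f"block {ip} until {until.isoformat()}")
```

With these assumed settings the first address is blocked at its fifth failure and its later attempt is ignored, while the second address, whose two failures are twenty minutes apart, never reaches the threshold; a single mistyped password from a legitimate operator does not trigger a ban.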
Our software is hosted on the HIPAA compliant cloud servers of Amazon Web Services.
All data stored in Oathtrack is safe and recoverable, protecting customers against accidental loss or mistakes.
Database backups are encrypted and stored in a highly durable storage infrastructure (99.999999999% durability and 99.99% availability).
Disk volumes leverage a fault-tolerant, high-availability storage system.
Nightly snapshots create a backup of each disk volume.
For data integrity, database backups run automatically on a consistent schedule with a sensible rotation and retention policy.
Oathtrack ensures that a unique username and password combination is the only access point to a given secure site, in this case the Oathtrack user profile and its associated resident charts.
As long as a user does not disclose their username and password to any unauthorized party, their data is safe and secure.
— Analysis of intrusion detection system data for anomalous activity and system issues
— Audits of firewall rules and IP address whitelists
— Review of published vulnerabilities and exposures
— Security patching
HIPAA compliance requires a number of best practices to be established and maintained internally at your business.
We help you handle that by centralizing your information in Oathtrack.
Access control to our system is managed through our user roles.
Each employee is assigned a user role when they are added, and that role's permissions govern what they can access.