There are three industry standards for security. We meet all three.
Our platform and our common infrastructure are certified as ISO/IEC 27001 compliant. The 27001 standard does not mandate specific information security controls, but the framework and checklist of controls it lays out allow us to ensure a comprehensive and continually improving model for security management.
Federal Information Processing Standards
These federal standards pertain to non-military federal agencies, government contractors, vendors, and other organizations that work with them. The standards state that federal agencies, contractors or vendors must develop and implement cryptographic modules that protect "sensitive but unclassified information." The newest FIPS testing standard, FIPS 140-3, will become effective on Sunday, Sept. 22, 2019. Although there are no penalties for being non-compliant with FIPS regulations, non-compliance does place your organization at a greater risk of data breaches. Patriot Health meets these standards.
There are certain technical guidelines provided at hhs.gov which we seek to implement in our management of client documents and data. We can summarize the government's guidance in these four categories: managing access, auditing access, data integrity and transmission integrity. Patriot Health has implemented these HIPAA levels of security.
- We encrypt documents, and they can be accessed only through our third-party software.
- All documents are safely stored on a HIPAA-level security platform protected by TLS (Transport Layer Security) encryption.
- Only those with login credentials can view the forms that have been submitted. We are able to limit access based on user roles and security protocols.
- Each time a user accesses the client data, the interface creates a log entry which is stored on our software platform. This is required by HIPAA regulations to ensure any potential data breach can be back-traced. We have those systems in place.
- Any change to a client's data is archived for review by our administrative team.
- Our website encrypts data between the website and where we store the client's documents.