How is PHI protected?
– End-User device security
No patient information is permanently stored or cached on mobile devices.
All communications from the End-User device to the medCLOUD cloud platform use encrypted TLS 1.3 connections with only the strongest ciphers enabled.
End-User devices must be Activated before they can connect to any medCLOUD services, which prevents man-in-the-middle attacks.
All traffic is secured with rapidly rotating session tokens that have a short expiration window, minimizing the attack surface.
Users are automatically logged out after a configurable period of inactivity.
Password complexity requirements are enforced following OWASP guidelines.
– Cloud and Network Security
Google Cloud Compute Engine (GCE) hosted in SOC 2/3 (SSAE 18)-compliant data centers within US borders.
GCE Data centers are staffed 24/7 by trained security guards, and access is authorized strictly on a least-privileged basis.
See Google’s Cloud Data Processing Addendum and Google Cloud Platform HIPAA BAA Addendum documents for more information on the data center / infrastructure.
PriusMED follows best practices to maintain the security of data, applications, and networks, in addition to the infrastructure-level compliance provided by Google.
For each virtual server, all services are off, disabled, or blocked by default, and only certain services are added if and when needed.
All ports are locked down at the network (public access) level and at the virtual server (internal access) level by default.
Up-to-date security patches are deployed periodically and with each medCLOUD platform release.
TLS 1.3 with the most secure ciphers is strictly required for all client applications, both for public Internet traffic and for all internal GCE traffic.
GCE infrastructure can only be accessed from a PriusMED-owned IP address, enforced by posture assessment, firewall rules, and public/private key authentication.
GCE’s Andromeda (external traffic) and Cloud Armor Layer 7 (internal traffic) provide always-on protection for the medCLOUD platform against Distributed Denial of Service (DDoS) and volumetric network/protocol attacks (SYN floods, UDP floods).
– Privacy and Encryption
All PHI and end-user data is always encrypted in transit and at rest.
Secure TLS 1.3 connections using SHA-256 with a 2048-bit key and the strongest cipher suite.
Database backups are encrypted using AES-256.
– Role-Based Access Control and Restrictions
A restricted number of PriusMED engineers, based on role, can access production servers.
Access to the production environment is only allowed if it originates from an approved PriusMED IP address.
Any access to the administration of GCE environments requires a device that passes posture assessment for encryption and anti-virus.
– Disaster Recovery and Data Backup
Available per SLA, the use of multiple Availability Zones with automatic failover allows customers to remain resilient in the face of most failure modes, including natural disasters and system failures.
Media files are stored in a secure, encrypted GCE bucket and can be automatically replicated to another GCE geographic region per SLA.
medCLOUD utilizes GCE intra-day persistent disk snapshots that are retained for 14 days, and daily database backups that are retained for 24 months. Backups are stored in Google backup vaults locked in “Compliance Mode”, which makes them immutable. All backups are encrypted to industry-standard levels.
Available per SLA, medCLOUD can maintain a warm standby stack in a separate GCE geographic region, to which we can transfer production operations in the event of a Production region outage.