Data Security in the EHR

Encryption

  • Data at Rest: All Protected Health Information (PHI) is encrypted with AES-256, managed through AWS Key Management Service (KMS), so that even physical storage drives are unreadable without authorization.

  • Data in Transit: TLS 1.2+ encryption secures data moving between users, systems, and third parties (e.g., labs, providers).


Access Controls & Authentication

  • Role-Based Access Control (RBAC): Permissions are strictly tailored to user roles (e.g., patients, providers, admins), adhering to the principle of least privilege.

  • Multi-Factor Authentication (MFA): Required for all administrative access to systems handling PHI.

  • Audit Logs: All access attempts and modifications are logged via AWS CloudTrail and monitored in real time for anomalies.


HIPAA Compliance & Certifications

  • AWS HIPAA-eligible Services: Our infrastructure leverages AWS services covered under a Business Associate Agreement (BAA), ensuring HIPAA compliance.

  • Regular Audits: We undergo third-party audits (e.g., SOC 2, HIPAA gap assessments) to validate controls.

  • Business Continuity: PHI is redundantly stored across AWS Availability Zones with automated backups and disaster recovery protocols.


Proactive Threat Detection

  • 24/7 Monitoring: AWS GuardDuty and custom tools detect and mitigate threats like unauthorized access or unusual activity.

  • VPC & Firewalls: Network traffic is isolated within Amazon Virtual Private Clouds (VPCs) and protected by strict firewall rules.


Human Safeguards

  • Mandatory Training: All staff complete HIPAA and cybersecurity training.

  • Confidentiality Agreements: Employees and partners are contractually bound to protect PHI.


Transparency & Your Control

  • Data Ownership: You retain full ownership of patient data—we never share or monetize it.

  • Compliance Support: We will gladly provide documentation (e.g., BAA, audit summaries) to streamline your due diligence.