Data Security & Privacy


Setting a Higher Bar

HealthEC is going above and beyond to protect our data and our clients with privacy and security measures that exceed industry standards.

First and foremost, all our security and privacy practices are HIPAA compliant. HealthEC is also certified by the Electronic Healthcare Network Accreditation Commission (EHNAC), and our SOC 2 certification is in progress.

Security & Monitoring at HealthEC

Zero Trust Security Model

Provides the highest level of thorough and redundant access controls.

Immutable Audit Trails

For our applications and infrastructure.

Threat Intelligence Integration

CrowdStrike Falcon Intelligence, AWS GuardDuty and Azure Sentinel.

Advanced Server and Endpoint Protection

Continuous internal and 3rd party security monitoring with CrowdStrike Falcon Complete MDR™.

Continuous Application Performance

Monitoring with New Relic.

Secure Development and Operational Practices

Ensure software is free from security defects.

People are the Key

Security at HealthEC begins with our people. We make sure that they are all carefully trained in HIPAA and our security protocols.
  • 100% compliance with annual security and HIPAA training
  • All team members undergo pre-employment background checks and drug tests
  • Continuous employee verification through the OIG/LEIE and OFAC exclusion databases
  • Strict onboarding and offboarding procedures for employee access control

Critical Security Processes

HealthEC has in place a comprehensive information security program that follows international and national data protection conventions. Key components of the program include:
  • All software releases and infrastructure configuration changes reviewed to ensure security is maintained
  • Comprehensive vulnerability management program
  • Comprehensive third-party risk management program
  • Annual penetration testing of all infrastructure and applications

Advanced Technology

HealthEC employs a variety of technology solutions and resources focused on data protection and privacy. All data is encrypted at rest and in transit. We use enterprise-wide multi-factor authentication (MFA). All access to data is protected by comprehensive identity and access management (IAM) security.

Cloud services include:

  • AWS CloudTrail
  • AWS GuardDuty
  • AWS Security Hub
  • AWS Config
  • Azure Security Center
  • Azure Sentinel
  • Azure ATP
  • Azure Policy