Data Security & Privacy
Setting a Higher Bar
HealthEC is going above and beyond to protect our data and our clients with privacy and security measures that exceed industry standards.
First and foremost, all our security and privacy practices are HIPAA compliant. HealthEC is also certified by the Electronic Healthcare Network Accreditation Commission (EHNAC), and our SOC 2 certification is in progress.
Security & Monitoring at HealthEC
People are the Key
Security at HealthEC begins with our people. We make sure that they are all carefully trained on HIPAA and our security protocols.
- 100% compliance with annual security and HIPAA training
- All team members undergo pre-employment background checks and drug tests
- Continuous employee verification through the OIG/LEIE and OFAC exclusion databases
- Strict procedure for on-boarding and off-boarding new employees for access control
Critical Security Processes
HealthEC has in place a comprehensive information security program that follows international and national data protection conventions. Key components of the program include:
- All software releases and infrastructure configuration changes reviewed to ensure security is maintained
- Comprehensive vulnerability management program
- Comprehensive third-party risk management program
- Annual penetration testing of all infrastructure and applications
Advanced Technology
HealthEC employs a variety of technology solutions and resources focused on data protection and privacy. All data is encrypted at rest and in transit. We use enterprise-wide multi-factor authentication (MFA). All access to data is protected by comprehensive identity and access management (IAM) security.
Cloud services include:
- AWS CloudTrail
- AWS GuardDuty
- AWS Security Hub
- AWS Config
- Azure Security Center
- Azure Sentinel
- Azure ATP
- Azure Policy