Security and compliance are a top priority at hxe and we provide several
internal solutions to ensure that patient records are protected at all
times. We take these matters seriously, so as your business associate you
can be confident that we take the necessary precautions to insulate you
against breaches.
Our Staff
When you work with hxe you can be assured that our staff is fully
trained through the hxe University - an industry-leading course we’ve
developed to provide continuous training for our employees. This ensures
that our staff understands HIPAA and OSHA requirements and any changes
made to federal and local requirements.
Our Technology
Our cloud-based ROI platform is designed from the ground up to comply
with the various HIPAA and HITECH Compliance requirements, so you can
rest assured that your data is safe. Our technology exceeds HIPAA
guidelines and regularly undergoes extensive system security and
penetration testing.
Securing Your Data at Every Turn
Encryption
With our system, every channel is encrypted. Whether you are signing in
to the platform, submitting requests, or receiving records, and for data
at rest, all of it is encrypted using AES 256-bit encryption. All stored
data is encrypted using AES 256-bit, as are the servers themselves.
Vulnerability Scanning
OS and application scans are run regularly to maintain the highest
level of security. Any publicly known vulnerability is patched upon
finding. Static Application Security Testing (SAST) from a
Gartner-leading security scanning solution is used to test code changes
and review for design flaws. We continuously scan our production and
development environments with a Dynamic Application Security Testing
suite.
System Hardening
Our servers are hardened according to the NIST and CIS guidelines.
Systems are routinely scanned and updated according to the latest CVE
threats. This layer of security is often viewed as the global standard
and is recognized as best practice for securing IT systems and data
against the most pervasive attacks.
User Logging & Tracking
Wondering what your users are up to? To comply with HIPAA, all activity
that views or accesses PII or PHI is logged into the database. We
capture the users’ information, IP address and information viewed
through a reporting dashboard. Additionally, changes to users’
information are logged to a database and the user is notified. This
includes changes to a user profile, modifications to group permissions, or
activating/deactivating their account.
Cloud Advantage
Utilizing AWS infrastructure, our system is secure, resilient and highly
available. Network firewalls and web application firewalls are
implemented to protect against common attack patterns. Because AWS data
centers are geographically dispersed and maintain redundant data centers
in clusters, our system is protected from local disasters. By leveraging
AWS, you can feel confident that our system will always be available 24/7.