|
|
|
The Server Farm The Server Farm uses an advanced series of firewalls to protect transmission of all data on their Servers. The Google Front End (GFE) servers support strong encryption protocols, such as TLS, to secure the connections between customer devices and Google's web services and APIs. Video Conference Videoconference functionality is available in the Communications Panel. For communication in real time, the System uses WebRTC library. The protocol used is Session Description Protocol (SDP). P2P data transmission protocol is SecureRTP (Secure Real-time Transport Protocol), intended to provide encryption, message authentication and integrity, and data protection in applications. For more information see: http://webrtc-security.github.io/ Chat Chat functionality is available in the Communication Panel. Each message is saved in the database and sessions can be audited via report. The Data Transmission System uses SignalR and uses encryption (SSL) to secure the transport of data. For more information see: https://docs.microsoft.com/en-us/aspnet/signalr/overview/security/introduction-to-security E-mail communication is supported in the Communication Panel. Users can exchange information using a built-in System email engine. Messages are sent to emails registered in the System during User account creation. All messages are encrypted using TLS protocol. Our email server is hosted on the Server Farm and uses SMTP secure communication. For more information click the following link: https://cloud.google.com/compute/docs/tutorials/sending-mail/ Mobile Mobile Application communication is integrated with the System Portals and database. Mobile apps are available on Android, iOS, and Windows phones. Once a user successfully logs into a mobile app, the mobile app communicates with the System server API to access the database and uses secure TLS protocol. For more information see: iOS https://www.apple.com/business/docs/iOS_Security_Guide.pdf Android https://developer.android.com/training/articles/security-tips.html Physical Safeguards Physical Safeguards to protect all information and ePHI information are ensured by the Server Farm and through a legally binding BAA with the Server Farm. Enfoglobe hosts the software system and data on Google’s Google Cloud Platform (GCP). Server Facility Access Control The Server Farm safeguards the facility and equipment by monitoring their facility 24 hours a day, both internally and externally, with high-resolution cameras to prevent unauthorized entities from accessing servers and data. Facility Access and Validation The Server Farm maintains strict access control. This includes background checks on all future-employees, security training for all employees, biometric scanners, internal/external cameras, and vehicle access barriers. Device and Media Controls The Server Farm ensures proper process policies for the removal and re-use of devices and Electric Media. Return or Disposal of Data Disposal of all Data will be in accordance with the Business Associate Agreement. The Server Farm will return or destroy all data. In the event that contact ends, Enfoglobe will export from and return all data to the Client. Media Re-Use In the event that electronic media needs to be re-used, the Server Farm will properly remove ePHI before the Electronic Media is re-used in accordance with the BAA. Enfoglobe is not in possession of electronic media that contains Client ePHI. Accountability for HardwareThe Server Farm keeps track of all movement of hardware and keeps track of all Data stored in the System, if and when the Server Farm physically moves the Server hardware. Links to Security Documents: Below are links to Google security and HIPAA compliance documents: https://cloud.google.com/security/whitepaper, https://cloud.google.com/security/compliance/hipaa/, https://cloud.google.com/security/security-design/ https://cloud.google.com/security/compliance
|
|
|
|
|
|
|
|
|
|
The Server Farm uses an advanced series of firewalls to protect transmission of all data on their Servers. The Google Front End (GFE) servers support strong encryption protocols, such as TLS, to secure the connections between customer devices and Google's web services and APIs. Videoconference Videoconference functionality is available in the Communications Panel. For communication in real time, the System uses WebRTC library. The protocol used is Session Description Protocol (SDP). P2P data transmission protocol is SecureRTP (Secure Real-time Transport Protocol), intended to provide encryption, message authentication and integrity, and data protection in applications. For more information see: http://webrtc-security.github.io/ Chat Chat functionality is available in the Communication Panel. Each message is saved in the database and sessions can be audited via report. The Data Transmission System uses SignalR and uses encryption (SSL) to secure the transport of data. For more information see: https://docs.microsoft.com/en-us/aspnet/signalr/overview/security/introduction-to-security E-mailE-mail communication is supported in the Communication Panel. Users can exchange information using a built-in System email engine. Messages are sent to emails registered in the System during User account creation. All messages are encrypted using TLS protocol. Our email server is hosted on the Server Farm and uses SMTP secure communication. For more information click the following link: https://cloud.google.com/compute/docs/tutorials/sending-mail/ Mobile Mobile Application communication is integrated with the System Portals and database. Mobile apps are available on Android, iOS, and Windows phones. Once a user successfully logs into a mobile app, the mobile app communicates with the System server API to access the database and uses secure TLS protocol. For more information see: iOS https://www.apple.com/business/docs/iOS_Security_Guide.pdf Android https://developer.android.com/training/articles/security-tips.html Physical Safeguards Physical Safeguards to protect all information and ePHI information are ensured by the Server Farm and through a legally binding BAA with the Server Farm. Enfoglobe hosts the software system and data on Google’s Google Cloud Platform (GCP). Server Facility Access Control The Server Farm safeguards the facility and equipment by monitoring their facility 24 hours a day, both internally and externally, with high-resolution cameras to prevent unauthorized entities from accessing servers and data. Facility Access and Validation The Server Farm maintains strict access control. This includes background checks on all future-employees, security training for all employees, biometric scanners, internal/external cameras, and vehicle access barriers. Device and Media Controls The Server Farm ensures proper process policies for the removal and re-use of devices and Electric Media. Return or Disposal of Data Disposal of all Data will be in accordance with the Business Associate Agreement. The Server Farm will return or destroy all data. In the event that contact ends, Enfoglobe will export from and return all data to the Client. Media Re-Use In the event that electronic media needs to be re-used, the Server Farm will properly remove ePHI before the Electronic Media is re-used in accordance with the BAA. Enfoglobe is not in possession of electronic media that contains Client ePHI. Accountability for HardwareThe Server Farm keeps track of all movement of hardware and keeps track of all Data stored in the System, if and when the Server Farm physically moves the Server hardware. Links to Security Documents: Below are links to Google security and HIPAA compliance documents: https://cloud.google.com/security/whitepaper, https://cloud.google.com/security/compliance/hipaa/, https://cloud.google.com/security/security-design/ https://cloud.google.com/security/compliance
|
|
|
The Server Farm uses an advanced series of firewalls to protect transmission of all data on their Servers. The Google Front End (GFE) servers support strong encryption protocols, such as TLS, to secure the connections between customer devices and Google's web services and APIs. Videoconference Videoconference functionality is available in the Communications Panel. For communication in real time,
the System uses WebRTC library. The protocol used is Session Description Protocol (SDP). P2P data
transmission protocol is SecureRTP (Secure Real-time Transport Protocol), intended to provide encryption,
message authentication and integrity, and data protection in applications.
Chat Chat functionality is available in the Communication Panel. Each message is saved in the database and
sessions can be audited via report. The Data Transmission System uses SignalR and uses encryption
(SSL) to secure the transport of data.
E-mail communication is supported in the Communication Panel. Users can exchange information using a
built-in System email engine. Messages are sent to emails registered in the System during User account
creation. All messages are encrypted using TLS protocol. Our email server is hosted on the Server
Farm and uses SMTP secure communication.
Mobile Mobile Application communication is integrated with the System Portals and database. Mobile apps are
available on Android, iOS, and Windows phones. Once a user successfully logs into a mobile app, the
mobile app communicates with the System server API to access the database and uses secure TLS protocol.
iOS https://www.apple.com/business/docs/iOS_Security_Guide.pdf Android https://developer.android.com/training/articles/security-tips.html Physical Safeguards Physical Safeguards to protect all information and ePHI information are ensured by the Server Farm and through a legally binding BAA with the Server Farm. Enfoglobe hosts the software system and data on Google’s Google Cloud Platform (GCP). Server Facility Access Control The Server Farm safeguards the facility and equipment by monitoring their facility 24 hours a day, both internally and externally, with high-resolution cameras to prevent unauthorized entities from accessing servers and data. Facility Access and Validation The Server Farm maintains strict access control. This includes background checks on all future-employees, security training for all employees, biometric scanners, internal/external cameras, and vehicle access barriers. Device and Media Controls The Server Farm ensures proper process policies for the removal and re-use of devices and Electric Media. Return or Disposal of Data Disposal of all Data will be in accordance with the Business Associate Agreement. The Server Farm will return or destroy all data. In the event that contact ends, Enfoglobe will export from and return all data to the Client. Media Re-Use In the event that electronic media needs to be re-used, the Server Farm will properly remove ePHI before the Electronic Media is re-used in accordance with the BAA. Enfoglobe is not in possession of electronic media that contains Client ePHI. Accountability for HardwareThe Server Farm keeps track of all movement of hardware and keeps track of all Data stored in the System, if and when the Server Farm physically moves the Server hardware. Links to Security Documents: Below are links to Google security and HIPAA compliance documents: https://cloud.google.com/security/whitepaper, https://cloud.google.com/security/compliance/hipaa/, https://cloud.google.com/security/security-design/ https://cloud.google.com/security/compliance
|
|
|
|