Security & HIPAA Compliance
hXe is designed from the ground up to comply with the various HIPAA compliance requirements, so you can rest assured your data is safe.
With hXe, every channel is encrypted. Signing in to the platform, submitting requests, receiving records and data at rest are all encrypted using AES 256-bit encryption. All stored data, as well as the servers themselves, is encrypted using AES 256-bit.
OS and application scans are performed regularly to maintain the highest level of security. Any publicly known vulnerability is patched upon finding. Static Application Security Testing (SAST) from a Gartner-leading security scanning solution is used to test code changes and review for design flaws. We continuously scan our production and development environments with a Dynamic Application Security Testing suite.
Our servers are hardened according to the NIST and CIS guidelines. Systems are routinely scanned and updated according to the latest CVE threats. This layer of security is often viewed as the global standard and is recognized as best practice for securing IT systems and data against the most pervasive attacks.
User Logging & Tracking
Wondering what your users are up to? To comply with HIPAA, all activity that views or accesses PII or PHI is logged into the database. We capture the users' information, IP address and information viewed through a reporting dashboard. Additionally, changes to users' information are logged to a database and the user is notified. This includes changes to a user profile, modification of group permissions, or activation or deactivation of their account.
Utilizing AWS infrastructure, hXe is secure, resilient and highly available. Network firewalls and web application firewalls are implemented to protect against common attack patterns. AWS data centers are geographically dispersed and maintain redundant data centers in clusters, which protects hXe from local disasters. By leveraging AWS, you can feel confident hXe will always be available 24/7.
- File integrity checks and antivirus scan for every file uploaded
- User activity reporting
- Data encryption in transit and at rest
- Multi-factor authentication
- HIPAA and HITECH compliant