Security at 1upHealth
At 1upHealth, securing patient and payer healthcare data is our primary concern. We provide a variety of security features to make sure clinical and payer data is always safe and secure.
Security Features
At a high level, 1up offers these tried and tested security features to make sure all healthcare data on the 1up FHIR Platform is accessible only to authorized users.
We support patient APIs and provide developer documentation and support, API logging, and member consent workflows for access to clinical EHR data in production, which is used by 650+ companies.
All data is stored and backed up in multiple data stores as well as through standard AWS tools for backup and recovery.
Logs are stored in multiple places, with info, warning, and error logs all persisted.
We leverage modern cloud best practices to harness the full power of each AWS service.
Our HIPAA-compliant, SOC 2-audited platform has had no security breaches. We were the only winner of the security (hacking) phase of the HHS Secure FHIR Server Challenge.
Auditing and role-based access control (RBAC) are provided to manage deployments. 1upHealth controls these permissions based on the cloud platform's built-in roles and accounts.
Automated penetration tests run against our infrastructure in production. Bug bounty programs are in place for white hat hackers. Multiple code scan tools detect vulnerabilities.
HealthTech Compliance
1upHealth provides world-class compliance in accordance with the following standards.
- SOC2 Type 2
- HIPAA
- Red Flag Rule
- PCI-DSS
- NYS Breach
- Framework for Critical Infrastructure for Cybersecurity
- HIPAA / Cybersecurity Awareness Employee training
- Governance, Risk, Compliance (GRC) Program