Through HIPAA (Health Insurance Portability and Accountability) the United States is providing privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals and other health care providers.
Access Management: All requests to/from our servers are made over encrypted https (TLS 1.2) using only the most secure cipher suites. Our database instance, and all of its backups, are encrypted at the volume level.
Encryption and Decryption: Eclipse Scheduling uses a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to host, maintain and deploy the solution across all platforms. Eclipse Scheduling infrastructure is a multitenant public cloud solution with the ability to segregate data by tenant on their own dedicated instance.
Key Management: The access keys are securely stored in a key management service provided by our cloud host provider. This is required to startup the instances since we use volume level encryption. Only the necessary development/operations members at Eclipse Scheduling, have access to this key service.
Logging and Audit Controls: Customers do not have direct access to their own system logs, but can be supplied to them upon request to Eclipse Scheduling. All user login failures are logged. All security incidents are escalated to senior technical staff and when found to be true threats are logged against internal ticketing system for mitigation.
Monitoring: Eclipse Scheduling monitors all servers and network hardware the application is running on. Internal and external monitoring checks all of the monitored devices at 5 second intervals. Roles Based Management can be used to restrict access to those users who should not have access to PHI information. All user activity is logged.