Security
How safe is your health data with Healthspek? We are committed to providing a resource with the utmost security. Here's how we do that:
Transfer of Data
When Healthspek on your iPad/iPhone transmits information to or requests information from the Healthspek cloud servers, it uses Secure Sockets Layer (SSL). This protocol was developed for transmitting private data via the Internet. SSL creates a secure connection between the Healthspek app and the Healthspek Servers, over which data can be sent securely. This is the same protocol that your bank uses to transmit confidential banking data.
How SSL works with Healthspek:
- The Healthspek App attempts to connect to the Healthspek Servers.
- The App requests that the Server identify itself.
- The Server sends the App a copy of its SSL Certificate.
- The App checks whether it trusts the SSL Certificate. If so, it sends a message to the Server.
- The Server sends back a digitally signed acknowledgement to start an SSL encrypted session.
- Encrypted data is shared between the App and the Server.
Encryption Protects Data During Transmission
Storing of Data
Healthspek Servers are located in and managed by one of the nation’s top data centers. They follow ISO17799-based policies and procedures, regularly reviewed as part of their SAS70 Type II audit process.
Physical Security
- Data center access limited to data center technicians
- Biometric (fingerprints, etc.) scanning for controlled data center access
- Security camera monitoring at data center location
- 24×7 on-site staff provide additional protection against unauthorized entry
- Physical security audited by an independent firm
- Fail-safe systems for power outage, internet failure and fire suppression
System Security
- System installation using hardened, patched OS
- System patching configured to provide ongoing protection from exploits
- Dedicated firewall services to help block unauthorized system access
- Data protection with managed backup solutions
- Distributed Denial of Service (DDoS) mitigation
- System access logged and tracked for auditing purposes