As a data-driven company, our ability to ensure the security of highly sensitive healthcare information is paramount. From day one, Allēus has taken a relentless approach to designing and building a framework of stalwart networks and protocols so that the vital data our client partners and their patients and members entrust to our care is safe and secure from project start to finish.
100% AWS Cloud Security Environment
Allēus operates in a 100% Amazon Web Services (AWS) cloud-based security environment. Among its numerous security and compliance certifications, AWS is certified as ISO/IEC 27001:2013, 27017:2015, and 27018:2014; FedRAMP; NIST 800-53 and 171; and SOC 1, 2, and 3 compliant. We use a multi-firewall approach that pushes confidential data and Protected Health Information (PHI) into a sub-level that isolates sensitive data from the main environment and segregates each client’s dataset.
Regulatory Compliance at All Levels of our Systems & Processes
Our systems and processes are compliant with the National Institute of Standards and Technology (NIST) and HIPAA. In accordance with the Minimum Necessary Use provisions of HIPAA, we have developed stringent role-based access controls that limit access to only those employees who are actively engaged in a client project and who need to access PHI. Importantly, all staff who work with PHI are required to complete mandatory HIPAA awareness training and HIPAA refresher training administered by a recognized training vendor and our compliance staff. In addition, we mandate additional training based on specific roles and responsibilities.
Leading Practices for Healthcare Information Security
In accordance with NIST and federal government standards for minimizing risk related to ransomware and other integrity attacks, we employ access and role-based multi-factor authentication. We have also implemented leading practices for identity management, endpoint protection, anti-virus protection, and patching. Allēus has a fully virtualized environment for control and containment of data and services. We provide secure encryption for data at rest and in transit using secure file transfer protocols for all PHI data transfers.
24/7/365 Audit Controls & Risk Assessment Monitoring
We provide 24/7/365 audit controls and conduct monthly vulnerability scans as well as an annual security risk assessment with penetration testing. Our industry-leading incident, change management, and disaster recovery policies and processes ensure timely evaluation and response to any potential security incident or disaster.