Security and Compliance at medaptus
The security and safety of our teams and our customers’ medical data are of the utmost importance at medaptus. As a company that specializes in the healthcare space, we know how vital it is that your information is kept secure, and that’s why we’ve put procedures and safeguards in place to keep your information as protected as possible.
Security compliance is also a top priority for our parent company, Volaris Group (TSE: CSU), which is why Volaris Group instills strict security protocols and audits every one of its business units.
Medical data is securely stored in redundant Tier IV data centers. We take pride in ensuring our customers’ medical data is monitored and supported 24/7/365 and kept secure in the industry’s best U.S.-based data centers.
Below is more information on our security policies.
Information Security Program
Organization
Medaptus’ thorough approach to security and compliance is overseen by the Medaptus Security Officer, whose primary responsibilities include managing the company’s data center operations, IT infrastructure, and HIPAA regulatory requirements and compliance.
Medaptus maintains a full third-party audited systems security plan that aligns with NIST, HIPAA, and HITRUST controls.
Audits
We are annually audited for security compliance by two independent third-party companies.
Incident Management
Should an incident occur, we have a fully trained incident response team that is prepared to handle any event.
Security Awareness Training
Medaptus maintains a security and awareness training program for all team members. All of our employees undergo HIPAA and security training continuously throughout the year.
Data and Privacy Policy
Your data is secure in the industry’s best geographically dispersed U.S.-based data centers. All data and services are U.S.-based and never leave U.S. territories. Data is always encrypted, at rest and in transmission.
Since our solutions integrate with other solutions used by our customers (such as EHRs), we also ensure there is end-to-end encryption during data exchanges.
Compliance & Certifications
HIPAA Compliance
All of our solutions are HIPAA-compliant and are independently audited by third-party companies to ensure we maintain compliance.
HITRUST
We work with an industry-leading third party that annually audits our policies, procedures, and systems.
Application and Infrastructure Security
We work with an industry-leading third party that annually audits our policies, procedures, and systems.
From a security standpoint, all releases are audited for vulnerability management and undergo penetration testing by an independent third-party company.
Additionally, we contract with independent third parties to do quarterly penetration tests, quarterly network scans, daily asset vulnerability scans, and application static and dynamic scans of each release. All SaaS sites are continually monitored for site responsiveness and transaction availability, with automatic alerting of the Technical Operations team when issues are detected.
Internally, we’re also auditing for continual vulnerability management.
We work with two of the largest industry leaders for 24/7 monitored network security and anti-virus.
Staying Up-to-Date
Staying up to date on the latest security protocols is of the utmost importance to us. Every year, we work with third-party partners to ensure we’re staying current and staying ahead of any new security protocols and regulations.
Got any additional questions, comments or concerns?
Reach out to us at info@medpatus.com and a member of our security team will be in touch with you shortly.
Please note, this information is subject to change at any time.