Our Responsibilities

We automate many compliance and security functions, and there are additional functions that our internal DevOps team handles on a regular basis, so that you don't have to.

  • Analysis of intrusion detection system data for anomalous activity and system issues
  • Audits of firewall rules and IP address whitelists
  • Maintaining base images for Docker containers used in our platform
  • Review of published vulnerabilities and exposures
  • Security patching
  • Virtual machine scans and testing


Shared Responsibility Model

Healthcare Blocks provides a secure environment to which customers can deploy their application. However, the platform cannot protect customer applications against Web-based vulnerabilities such as cross-site scripting and SQL injection attacks. It also cannot audit application-level events pertaining to PHI. Customers are ultimately responsible for deploying applications that apply security best practices and follow HIPAA guidelines for auditing and data privacy.

We've assembled our best practices for application developers that are derived from projects we've implemented or consulted on. While the list is not intended to be comprehensive, it can serve as a checklist for determining your readiness to deploy a production application to Healthcare Blocks.

Customer responsibilities:

  • Application Authentication & User Management
  • Application-level Access Controls / Access Logs
  • Client-side Data Encryption
  • Code Reviews and Vulnerability Assessment (cross-site scripting, SQL injection, etc.)

Healthcare Blocks responsibilities:

  • Data Encryption at Rest (server-side)
  • Network Traffic Encryption
  • Intrusion Detection & Prevention
  • Automated Backups
  • System Monitoring
  • Data Replication
  • System Redundancy
  • Firewall Configuration & Management
  • Encryption Key Management
  • System Access Controls & Logging
  • Operating System: Management, Maintenance & Patching
  • Database Engine: Administration, Maintenance & Patching
  • Log Aggregation & Archiving
  • Vulnerability Scanning
  • Monitoring & Alerting