What is Covered

The Healthcare Blocks platform helps organizations comply with the HIPAA Security Rule by handling specific physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

Healthcare Blocks environments are security-hardened by applying industry standards and best practices to ensure the storage and transmission of PHI is protected against theft and unauthorized access. See more details below.


Unrivaled Encryption and Security

  • Data is encrypted at rest using AES with 256-bit keys, as recommended by the National Institute of Standards and Technology (NIST) in the Federal Information Processing Standards (FIPS).
  • Digital signatures related to cryptography operations use the elliptic curve digital signature algorithm (ECDSA).
  • Transmitted PHI is encrypted using strong TLS (the successor to SSL) cipher suites configured for perfect forward secrecy. Insecure cipher suites are disabled per NIST recommendations.
  • Virtual machine filesystems are regularly scanned for file integrity, malware, and rootkits.
  • Network access to virtual machines is inspected in real time and permanently logged. Intrusion attempts are automatically identified, and the offending IP address is blocked for an extended period, mitigating SSH dictionary attacks and other malicious behavior.
  • Network traffic within each customer environment travels through an isolated, non-shared subnet, so neither encrypted nor unencrypted traffic can be intercepted from another customer's environment.
  • SSH access to application environments is configured per the Center for Internet Security (CIS) benchmark recommendations. Network traffic can be restricted to specific whitelisted IP addresses or VPN connections on a per environment basis.
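The per-IP blocking described above is, in effect, a sliding-window failure counter with time-limited bans. The following is an added example, not Healthcare Blocks' own code: it parses constructed OpenSSH `Failed password` log lines, counts failures per source address inside a window, and records a ban that expires after a fixed duration. The threshold, window and ban length are assumed values chosen for illustration.

```python
"""Per-IP failed-login detection with temporary bans over sshd log lines.

Added example (not Healthcare Blocks' code). Threshold, window and ban
duration are assumptions; the log lines below are constructed samples.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (not from the page).
FAIL_THRESHOLD = 5
WINDOW = timedelta(minutes=10)
BAN_DURATION = timedelta(hours=24)

# Matches the common OpenSSH "Failed password" line in syslog format (no year).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample log: 203.0.113.7 hammers the host, 198.51.100.2 fails once.
SAMPLE_LOG = """\
Mar  4 02:14:01 app1 sshd[4021]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  4 02:14:03 app1 sshd[4022]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar  4 02:14:05 app1 sshd[4023]: Failed password for invalid user test from 203.0.113.7 port 51024 ssh2
Mar  4 02:14:07 app1 sshd[4024]: Accepted publickey for deploy from 198.51.100.2 port 40110 ssh2
Mar  4 02:14:08 app1 sshd[4025]: Failed password for invalid user oracle from 203.0.113.7 port 51025 ssh2
Mar  4 02:14:10 app1 sshd[4026]: Failed password for invalid user ubuntu from 203.0.113.7 port 51026 ssh2
Mar  4 02:14:12 app1 sshd[4027]: Failed password for deploy from 198.51.100.2 port 40111 ssh2
Mar  4 02:14:15 app1 sshd[4028]: Failed password for root from 203.0.113.7 port 51027 ssh2
"""


def parse_ts(ts: str, year: int = 2024) -> datetime:
    # Syslog timestamps omit the year; an assumed year keeps them comparable.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


class BanList:
    """Sliding-window failure counter with time-limited bans per source IP."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.bans = {}                      # ip -> ban expiry time

    def is_banned(self, ip: str, now: datetime) -> bool:
        expiry = self.bans.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.bans[ip]               # ban has lapsed; traffic is allowed again
            return False
        return True

    def record_failure(self, ip: str, when: datetime) -> bool:
        """Record one failed login; return True if this failure triggers a ban."""
        q = self.failures[ip]
        q.append(when)
        while q and when - q[0] > WINDOW:   # discard failures outside the window
            q.popleft()
        if len(q) >= FAIL_THRESHOLD and not self.is_banned(ip, when):
            self.bans[ip] = when + BAN_DURATION
            q.clear()
            return True
        return False


def process_log(text: str) -> dict:
    """Run the detector over log text; return {ip: ban expiry} for banned IPs."""
    bl = BanList()
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue                        # successful logins and other lines are ignored
        bl.record_failure(m.group("ip"), parse_ts(m.group("ts")))
    return dict(bl.bans)


if __name__ == "__main__":
    for ip, until in process_log(SAMPLE_LOG).items():
        print(f"blocked {ip} until {until:%Y-%m-%d %H:%M:%S}")
```

In production the ban would be enforced by pushing the address to a firewall rule or security group rather than kept in memory, and the expiry check lets the block lift automatically once the configured duration has passed.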

With Healthcare Blocks, Your Data is Safe

  • All data stored in Healthcare Blocks is safe and recoverable, protecting customers against accidental loss or mistakes.
  • Disk volumes leverage a fault-tolerant, high-availability storage system.
  • Nightly snapshots create a backup of each disk volume.
  • Database backups are enabled automatically and follow a consistent schedule, rotation, and retention policy to preserve data integrity.
  • Monthly backups are retained for 6 years by default; customers can easily customize their data backup policy.
  • Database backups are encrypted and stored in a highly durable storage infrastructure (99.999999999% durability and 99.99% availability).
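A rotation and retention policy of the kind described above is easy to state but worth checking mechanically. The following added example, not Healthcare Blocks' own code, decides which snapshots to keep and which to prune under a nightly window plus the page's default of six years of monthly backups, and also reports nights on which no snapshot exists. The 30-day nightly window and the rule that the earliest snapshot in a month serves as that month's monthly backup are assumptions; the snapshot dates are constructed.

```python
"""Snapshot rotation under a nightly + monthly retention policy.

Added example, not Healthcare Blocks' code. The 6-year monthly retention is
the page's stated default; the 30-day nightly window and the "earliest
snapshot of the month is the monthly backup" rule are assumptions.
"""
from datetime import date, timedelta

NIGHTLY_RETENTION_DAYS = 30      # assumed
MONTHLY_RETENTION_YEARS = 6      # page's default policy


def _daily(start: date, end: date):
    d = start
    while d <= end:
        yield d
        d += timedelta(days=1)


# Constructed sample: nightlies for Jan 1 - Mar 1 2024 with Feb 20 missing,
# plus first-of-month snapshots for 2017 through 2023.
SAMPLE_SNAPSHOTS = (
    {d for d in _daily(date(2024, 1, 1), date(2024, 3, 1)) if d != date(2024, 2, 20)}
    | {date(y, m, 1) for y in range(2017, 2024) for m in range(1, 13)}
)
TODAY = date(2024, 3, 1)


def plan_rotation(snapshots, today: date):
    """Split snapshot dates into (keep, prune) lists, both sorted ascending.

    A snapshot is kept if it falls inside the nightly window, or if it is the
    earliest snapshot of its calendar month and that month is within the
    monthly retention window. Everything else is pruned.
    """
    nightly_cutoff = today - timedelta(days=NIGHTLY_RETENTION_DAYS)
    monthly_cutoff = date(today.year - MONTHLY_RETENTION_YEARS, today.month, 1)

    # Earliest snapshot per (year, month) acts as that month's monthly backup.
    monthly = {}
    for d in sorted(snapshots):
        monthly.setdefault((d.year, d.month), d)

    keep, prune = [], []
    for d in sorted(snapshots):
        is_nightly = d > nightly_cutoff
        is_monthly = monthly[(d.year, d.month)] == d and d >= monthly_cutoff
        (keep if is_nightly or is_monthly else prune).append(d)
    return keep, prune


def missing_nightlies(snapshots, today: date):
    """Dates inside the nightly window that have no snapshot (a recoverability gap)."""
    nightly_cutoff = today - timedelta(days=NIGHTLY_RETENTION_DAYS)
    window = _daily(nightly_cutoff + timedelta(days=1), today)
    return [d for d in window if d not in snapshots]


if __name__ == "__main__":
    keep, prune = plan_rotation(SAMPLE_SNAPSHOTS, TODAY)
    print(f"keep {len(keep)}, prune {len(prune)}")
    print("missing nightlies:", [d.isoformat() for d in missing_nightlies(SAMPLE_SNAPSHOTS, TODAY)])
```

Running the gap check alongside the rotation is the point of the example: pruning by policy is routine, but a night with no snapshot is what turns "accidental loss" into real loss, so it should alert rather than pass silently.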

Advanced Environment Configuration

  • High availability configurations for application and database instances are available in Healthcare Blocks and are recommended for avoiding perceived downtime if a node fails or is unresponsive. High availability environments are configured to replicate data automatically; if one instance fails, another is immediately available. In addition to standard master-slave database replication options (and MongoDB replica sets), a multi-master configuration is available for MySQL/MariaDB.
  • High availability instances are configured to run in separate Amazon Web Services availability zones, each with an isolated power system and backup generators. In the event of a network failure, natural disaster, or other source of downtime within a single zone, a load balancer continues to send traffic to healthy nodes only.
  • Geographic redundancy (West vs. East Coast) is also available at additional cost.
  • Every customer environment is monitored for uptime and resource utilization. When an instance fails, our team is automatically notified and will attempt to recover your environment.
  • Each customer environment has a static IP address that is automatically re-attached to a replacement instance.

Our infrastructure provider, Amazon Web Services, provides many physical safeguards to secure their data centers and manage business continuity. More information can be found in the AWS Security Whitepaper.