SECURITY & PRIVACY
Guided By Industry Best Practices
At Mobile Heartbeat, we are passionate about improving clinical processes through the use of technology. We are also aware that protection and privacy of information are non-negotiable requirements. Everyone is part of the InfoSec team and is conscious that:
- Our cyber behaviors matter downstream to our customers and to the communities that they serve
- Our position in the healthcare supply chain demands strong defense against information security threats
InfoSec Core Objectives
The InfoSec Program at Mobile Heartbeat has three core objectives:
Our InfoSec program aims to secure our technology and our customers’ data.
Our Security Philosophy and Vision
We appreciate that our customers involve Mobile Heartbeat as part of their technology-enhanced clinical collaboration processes, so we're dedicated to building the industry's most secure and trusted unified clinical communication platform. Our cloud offering, Banyan, is managed, standardized, and tested to meet customers' demand for trust.
Guided by industry best practices and regulatory requirements, security and privacy are embedded into the fabric of Banyan across all layers from platform to application.
Security + Privacy by Design and in Operations
- Information security risk assessments
- Security review of technical designs and architectures
- Logical segregation of customer data
- Authentication and role-based access control for least-privilege access
- Just-in-Time privileged access
- Data encryption in transit and at rest
- Vulnerability and threat management
- Security logging and monitoring
- Platform and application penetration tests by external, independent vendors
HIPAA Privacy and Security Rule Standards
- Focus area in the risk assessment process
- Active monitoring of compliance
- Workforce training and awareness
- PHI handling guidance for the workforce
Multiple US regional presence for redundancy
Segmented architecture based on the hub-and-spoke model
Infrastructure as Code and containerized app for easy recovery
Security Incident Response exercises
Built Through A Secure Development Program
- Threat modeling
- Security testing on the CI/CD pipeline
  - Static Code Security Testing (SAST)
  - Secret scanning
  - Software composition analysis (dependency check)
- Security testing off the CI/CD pipeline
  - Dynamic Application Security Testing (DAST)
  - Penetration testing by 3rd parties
Contact Info
If you have any questions or inquiries about Mobile Heartbeat's information security program, please contact infosec@mobileheartbeat.com.