Trust and Security

YOUR TRUST MATTERS TO US.

SECURE BY DESIGN

We’ll Never Risk Your Confidence.

Alpha Health is secure by design. Our technology works within your existing ecosystems, abiding by your controls and creating audit trails in your systems. In fact, we capture records of every action our technology takes, so we not only stay compliant ourselves but can also help enhance your team's compliance.

Our security and compliance standards cover the technical, physical, and administrative elements of any sound security program.

  • Risk assessment
  • Infrastructure as code
  • Continuous integration
  • Automated deployments
  • Strict access and privilege escalation controls
  • Vigilant monitoring
  • Regular audits
  • Incident response protocols
  • Penetration testing
  • Staff training

 

We use Amazon Web Services' HIPAA- and HITRUST-compliant cloud infrastructure, with TLS 1.2 encryption for data in transit and AES-256 encryption for data at rest.

We can work with all electronic medical record systems and support various connection methods, including HL7, FHIR, EDI, or other supported application programming interfaces.

Because we are serious about security.

ENCRYPTION

Everything is encrypted at rest as well as in transit. Confidential data is always encrypted, on both the client and the server side.

Keys

Master and SSL keys are securely stored in Hardware Security Modules, where they are available for cryptographic operations but are never made directly accessible to anyone.

Transport layer security

Our solutions are available only via TLS, and they support only an approved subset of cipher suites that provide PFS through DHE or ECDHE, with DH parameters of 3072 bits or more.

Measures

We run automated vulnerability scans and perform proactive patch management. In addition, we regularly perform data-driven risk assessments.

In-Depth Defense and Layered Security

  • Many tiered security groups
  • Network and host-based firewalls
  • Network and sub-network isolation
  • Multi-factor authentication
  • A low attack surface

Everything As Code

  • Infrastructure
  • Accounts and permissions
  • Auditing and compliance
  • Product documentation and references