Trust and Security
YOUR TRUST MATTERS TO US.
We’ll Never Risk Your Confidence.
Alpha Health is secure by design. Our technology works within your existing ecosystems, abiding by your controls and creating audit trails in your systems. In fact, we capture records of every action our technology takes, so we not only ensure we stay compliant, but we can help enhance your teams compliance as well.
Our security and compliance standards cover the technical, physical, and administrative elements of any sound security program.
- Risk assessment
- Infrastructure as code
- Continuous integration
- Automated deployments
- Strict access and privilege escalation controls
- Vigilant monitoring
- Regular audits
- Incident response protocols
- Penetration testing
- Staff training
We use Amazon Web Services HIPAA and HiTRUST compliant cloud infrastructure with TLS 1.2 encryption for data in transit and AES-256 encryption when data is at rest.
We can work with all electronic medical record systems and support various connection methods, including HL7, FHIR, EDI, or other supported programming application interfaces.
Because we are serious about security.
Everything is encrypted at rest as well as in transit. Confidential data is always encrypted, both at the client as well as server side.
Master and SSL keys are securely stored in Hardware Security Modules, from where they are available to perform crypto operations but are never made directly accessible to anyone.
Transport layer security
Our solutions are only available via TLS, and furthermore only support an approved subset of cipher suites with PFS, DHE, or ECDHE with DH params at 3072 bits or more.
We run automated vulnerability scans and perform proactive patch management. In addition, we regularly perform data-driven risk assessments.
In-Depth Defense and Layered Security
- Many tiered security groups
- Network and host-based firewalls
- Network and sub-network isolation
- Multi-factor authentication
- A low attack surface
Everything As Code
- Accounts and permissions
- Auditing and compliance
- Product documentation and references