Information Security Certifications
Luma Health upholds various Information Security and Data Privacy certifications to ensure the utmost protection of both your and your patients' data. With certifications such as ISO 27001:2022, HITRUST CSF r2, SOC 2 Type II, TX-RAMP Level 2, and participation in the US-EU Privacy Framework, Luma Health adheres to internationally recognized standards and frameworks.
Identity and Access Management
Luma Health employs robust Identity and Access Management practices, centrally managing all system access. By enforcing Single Sign-On, Multi-Factor Authentication, and Role-Based access control, Luma Health ensures secure access to its platform. Regular access reviews and approval processes guarantee that access privileges are always up-to-date and minimal for each user.
Infrastructure and Vulnerability Management
Operating on a fully cloud-based infrastructure, Luma Health's modern, auto-scaling microservices architecture ensures agility and scalability. Automated vulnerability scans, immediate threat response, and a stringent change control process result in a secure and resilient infrastructure. Any identified vulnerabilities are promptly addressed within a defined schedule to maintain the integrity of the platform.
SDLC, Audit, and Compliance
With a comprehensive Software Development Life Cycle (SDLC) aligned with OWASP Top Ten, Luma Health ensures that all code undergoes rigorous security checks before production release. Internal audits, compliance reviews, and continuous certifications such as ISO 27001:2022, SOC 2, and HITRUST r2 attest to Luma Health's commitment to maintaining a secure environment for its users.
End User Security and Incident Management
Prioritizing end user security, Luma Health mandates background checks, HIPAA training, and Information Security training for all employees. With stringent device management and security controls, including full disk encryption and advanced antivirus solutions, Luma Health safeguards against data breaches. A well-defined Incident Management policy ensures swift and effective response to any security incidents, with regular testing to refine response procedures.
Business Continuity, Disaster Recovery, and Data Privacy
Teaming up with AWS for cloud hosting, Luma Health ensures a 99.9% uptime target with real-time replication. Agile microservices architecture allows for rapid deployment in case of emergencies. Luma Health's approach to data privacy is exemplary, with a Zero Data Retention model for AI products like Spark Navigator, guaranteeing the protection and privacy of customer and patient data.