Information Security Measures
Updox takes data protection seriously and employs various tactics to safeguard information. All Updox computer systems are secured using user authentication, firewalls, malware prevention, and intrusion detection. Information transmission is encrypted and hashed using AES 256 and SHA-2 standards respectively. Transmission over the internet is conducted via TLS for added security.
Data Center Security
Information is stored on Updox's servers in enterprise-class data centers located in locked cabinets. Data is encrypted at rest using AES 256. Data centers are designed with fortified structures, redundant infrastructures, and situated in safe zones. Power supply is backed up by multiple sources, including UPS devices and diesel generators, ensuring continuous operation. Additionally, the centers implement fire suppression systems, monitoring, and multiple layers of access controls such as biometric scanning, surveillance, and logs.
Mobile Devices and Payment Card Information
Updox does not retain patient protected health information (PHI) on mobile devices. Payment card information is not stored, processed, or accessed unencrypted. Once entered, the data is securely transmitted via tokens to payment card processors for enhanced security.
Security Audits and Assessments
To ensure robust security protocols, Updox undergoes various audits and assessments. These include annual 3rd party security assessments, bi-annual EHNAC Accreditation, ONC Health IT Certification, PCI Self-Assessment, internal vulnerability scans, risk assessments, and employee training on security procedures, HIPAA privacy & security, and PCI policies.
Contact Information
For any inquiries related to Updox's security measures, individuals can contact support@updox.com. Subscribing to Updox's newsletter keeps users informed about product updates and releases.