App container and SSH access logs are permanently stored in S3. Logs are streamed in near real-time to the archive, to minimize loss of data in the unlikely...

When PHI is viewed or modified, your application should record the identity of the person and the timestamp (other metadata, e.g. IP address, is not requir...

Customer Responsibilities 1. Using an up-to-date version of programming languages, application dependencies, application frameworks (including browser-side...

When an AWS Elastic Block Storage (EBS) volume is deleted, AWS automatically wipes its contents using an unspecified method.  Upon request, Healthcare Bloc...

For all servers, SSH access logs are permanently archived in our intrusion detection system (IDS) database, which is replicated and backed up nightly. A ...

The Healthcare Blocks platform performs a nightly scan of every virtual machine using the following tools: ClamAV Linux Malware Detect Rootkit Hunter ...

Under the US Health Insurance Portability and Accountability Act (HIPAA), PHI that is linked based on the following list of 18 identifiers must be treated w...

Healthcare Blocks virtual servers are security hardened and continuously maintained to eliminate vulnerabilities. Virtual Machines are Generated and Tested...

Platform                         Platform uptime is dependent on the availability of Amazon Web Services infrastructure and whether you have selected a hig...

Healthcare Blocks uses a combination of tools, including a custom metrics collection agent, AWS CloudWatch, PagerDuty, and Slack to keep an eye on the upti...