Arklign Security Policy

Learn how we encrypt, protect, and back up your data

 

We built Arklign with security at its core. We protect your patients’ and doctors’ sensitive information to meet HIPAA and HITECH security standards. Security and compliance are a shared responsibility between Arklign and the customer. Arklign does not control how the covered entity uses Arklign services to use and disclose PHI. It is the customer’s responsibility to use Arklign services to use and disclose PHI only in a manner permissible under HIPAA. Arklign does not deal directly with the patient. The responsibilities are listed below.

 

We encrypt your sensitive information

All data you transmit is encrypted with SSL (TLS 1.2 ECDHE-RSA-AES256-GCM-SHA256 in Chrome/Firefox), the same standard used by the world’s leading financial institutions. As an additional layer, we encrypt your data at rest with the industry-standard AES-256 encryption algorithm. User passwords are hashed using the bcrypt algorithm.

 

We protect your data in a secure physical location

All your data is securely stored off-site in our own dedicated instance of the Amazon Web Services (AWS) Elastic Compute Cloud. AWS is ISO 27001 certified, and all of its data centers are staffed 24/7/365 by trained security guards, with access granted strictly on a “least privilege” basis. We also keep a real-time audit log of all logins and changes made by users.

 

We back up your data to prevent loss and downtime

All your data is backed up and stored on separate instances in AWS to prevent data loss. We have implemented disaster recovery measures to minimize downtime and keep our platform available and up to date.

 

Customer Responsibility

The customer is responsible for user access and PHI data. The customer controls user access and roles, sets policy for Patient ID, and manages the devices that access the Arklign Platform.