Security Overview
MedPrizm Analytics is an analytics app for DSOs that helps them with real-time insights. DSOs trust MedPrizm Analytics to keep their data safe and secure every day, and we take that duty seriously. We are dedicated to making MedPrizm Analytics a secure and reliable analytics platform. We are committed to protecting your personal and organizational data and to ensuring secure collaboration within our software, which is why we work hard and continue to invest in regularly bringing the security compliance of our services to a level that meets and exceeds industry standards.
End to End Security
MedPrizm Analytics is hosted entirely on Amazon Web Services (AWS), which provides built-in end-to-end security and privacy features. Our team takes additional proactive measures to ensure a secure infrastructure environment. For more specific details regarding AWS security, please refer to https://aws.amazon.com/security/.
Server Security
MedPrizm Analytics hosts all customer data on AWS cloud-based servers within the US region. Typical data includes system and user-generated content, including but not limited to reports, providers, provider types, release information, and other relevant data.
Deployments are automated to all machines, and all machines with access to MedPrizm Analytics data have SSH disabled to prevent any unauthorized access to customer data.
Communications
All data exchange between MedPrizm Analytics’s web/mobile clients and MedPrizm Analytics servers is done via the HTTPS protocol. MedPrizm Analytics always uses an SSL connection.
Privacy Controls
MedPrizm Analytics provides in-app admin controls for some of the integrated third-party applications, in the form of both user-level and object-level permissions, along with the ability to define which third-party applications may be used within MedPrizm Analytics. Not all third-party integrations can be controlled through this interface; some are controlled at the system level, in keeping with the stated MedPrizm Analytics privacy objectives.
Data Storage & Backup
MedPrizm Analytics data is stored on AWS in RDS and S3, and access is limited to machines that need read and write access to the data. We also take incremental, encrypted backups of the database every day and keep the snapshots for 7 days in Amazon S3, which is designed to offer 99.9% durability for the data in the event of a problem or catastrophic failure of RDS. RDS is backed up every day at a specific time, and the last 7 backups are stored. Because RDS is encrypted, its snapshots are also encrypted.
Data Center Security
MedPrizm Analytics customer data is hosted by Amazon Web Services (AWS), which is certified SOC 2 Type 2. AWS maintains an impressive list of reports, certifications, and third-party assessments to ensure complete and ongoing state-of-the-art data center security.
AWS infrastructure is housed in Amazon-controlled data centers throughout the world, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. More information on AWS data centers and their security controls can be found here.
Employee Access
No MedPrizm Inc. employee will ever see customer data unless required to do so for support reasons. If you reach out with a support issue that requires us to access your data, we will do so with your prior permission. We keep an audit trail of customer data access to prevent misuse. We would only access your customer data without your permission in the event of a rare, emergency service incident that is causing a system-level outage.
Password Security
We use the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST.
MedPrizm Analytics also offers two-factor authentication (2FA) as an additional security measure when accessing your MedPrizm Analytics account. Enabling 2FA adds security to your account by requiring both your password and access to a security code on your phone to access your account.
Credit Card Safety
Your credit card information is collected securely using HTTPS. We use the Stripe payment gateway, which uses AES-256 and is fully PCI-DSS compliant. We never store your credit card details or CVV number. Learn more about the Stripe security policy.
When you choose a pricing plan at the end of the trial period with MedPrizm Analytics, your credit card information is handed off to Stripe, a company dedicated to storing your sensitive data on PCI-compliant servers. Our servers do not store or view your credit card information.
For Additional Information
If you have any questions or queries, contact us at support@medprizm.com.