What is Covered
The Healthcare Blocks platform helps organizations comply with the HIPAA Security Rule by handling specific physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
Healthcare Blocks environments are security-hardened by applying industry standards and best practices to ensure the storage and transmission of PHI are protected against theft and unauthorized access. See more details below.
Unrivaled Encryption and Security
- Data is encrypted at rest using AES encryption with 256-bit keys, as recommended by the National Institute of Standards and Technology (NIST) and Federal Information Processing Standard (FIPS).
- Digital signatures related to cryptographic operations use the Elliptic Curve Digital Signature Algorithm (ECDSA).
- Transmitted PHI is encrypted using strong TLS (successor to SSL) ciphers configured for perfect forward secrecy. Insecure TLS ciphers are disabled per NIST recommendations.
- Virtual machine filesystems are regularly scanned for file integrity, malware, and rootkits.
With Healthcare Blocks, Your Data is Safe
- All data stored in Healthcare Blocks is safe and recoverable, protecting customers against accidental loss or mistakes.
- Disk volumes leverage a fault-tolerant, high-availability storage system.
- Nightly snapshots create a backup of each disk volume.
Advanced Environment Configuration
- High availability configurations for application and database instances are available in Healthcare Blocks and are recommended for avoiding perceived downtime if a node fails or is unresponsive. High availability environments are configured to automatically replicate data; if one instance fails, another one is immediately available. In addition to standard master-slave database replication options (and MongoDB replica sets), a multi-master configuration is available for MySQL/MariaDB.
- High availability instances are configured to run in separate Amazon Web Services availability zones, each possessing an isolated power system and backup generators. In the event of a network failure, natural disaster, or other source of downtime within a single zone, a load balancer will continue to send traffic to healthy nodes only.