Purpose: This document details the steps we take to ensure the privacy and security of your protected health information (PHI) while allowing you to connect with healthcare groups that provide you with their services.
How does Solera Health keep protected health information safe and private?
Summary: Solera ensures the safety of your health information in digital storage, like a virtual, locked file cabinet. As part of this, Solera obeys all laws on securing your protected health information and keeping it private.
In the world of healthcare, information security is vital. Companies that deal with patient’s personal health information must meet key healthcare regulations for securing all data. When health information was only on paper, security was as simple as using a locked file cabinet. Present day, with the rise of digital information, companies need guidelines for how to store digital information securely and protect it from online threats.
The HIPAA Security Rule is the first set of national standards for protecting digital health information. The goal of this rule is to protect digital information that identifies you, while still allowing healthcare providers access to the information they need.
The HITECH Act gives more severe penalties for not protecting data. Solera Health fully understands these rules and has added security to our digital storage of your health information. This makes Solera Health a leading Cloud Solutions Integrator in healthcare.
To confirm our security, we have HITRUST security certification. Read more about HITRUST Certification below.
What is HITRUST CSF certification?
Summary: Solera Health is certified by the Health Information Trust Alliance (HITRUST) high-level security framework. With the HITRUST Certification, Solera Health can continue to grow while keeping our security.
HITRUST CSF was developed to deal with the many security, privacy, and regulatory challenges facing healthcare groups. It includes: federal and state rules, standards and frameworks, and including a risk-based approach. Groups with HITRUST certification meet a large and varied set of guidelines through broad security controls that grow with the company.
The HITRUST Common Security Framework (CSF) certification ensures all clients that Solera meets the healthcare industry’s highest standards in protecting healthcare information and managing risk from a data breech.
With the HITRUST CSF Certified status, Solera is unique as a company that you and our clients can trust with securing protected health information.
What does Solera Health do with protected health information?
Summary: We understand that Protected Health Information (PHI) is personal and private, and we are dedicated to keeping your PHI secure yet accessible as needed for your healthcare.
Part of Solera’s business is an exclusive Platform as a Service (PaaS), meaning it provides the structure to connect various groups to the information they need to provide you their service. Examples would be chronic disease prevention programs, such as the Centers for Disease Control (CDC) and Prevention’s National Diabetes Prevention Program.
We use technology to help others with: service referrals, reimbursement and payment, managing data, enrollment, and boosting consumer engagement.
Our protection of your information includes all administrative, technical, and physical safeguards needed. We store all Information you provide with an authorized and secure cloud services provider. You can read more about this at: https://soleranetwork.com/privacy-practices/
What technologies and practices does Solera Health use to safeguard protected health information?
Summary: Solera Health has years of experience building large scale software solutions and running secure online services using a robust set of security technologies and practices.
To safeguard your information, we:
- Control identity and user role access to our cloud platforms, data, and applications and enable Multi-Factor Authentication (MFA) for more secure sign-in
- Defend against threats and malware on all our cloud services
- Enforce intrusion detection, intrusion protection, distributed denial-of-service (DDoS) attack prevention, extensive monitoring, encrypted key management, regular penetration testing and audits, and data analytics and machine learning tools to help mitigate threats to the Solera systems.
- Report all security breaches to law enforcement, partners, patients and health companies, as required by law.
- Provide updated employee training and implement new policies and improve security. Special attention and training is provided to our employees to ensure they are taking all possible steps to protect our systems and the PHI we receive or generate.
- Encrypt all protected health information. This is covered further below.
How does Solera Health encrypt protected health information?
Summary: Solera employs many solutions to encrypt protected health information while allowing it to still be usable to authorized groups.
Solera’s platform encryption service protects data by using strong, certified standards. It does this while making every data field encryption-aware at the metadata layer, so that features that use encrypted fields still function. There’s no reason to sacrifice usability for security within the Solera platform.
To protect your data from threats, we:
- Use AES-256 secure encryption of data in transit and at rest
- Maintain a sophisticated, FIPS 140-2-certified, HSM-based, key management architecture, giving us complete control over the lifecycle of encryption keys
- Protect data in transit and at rest, including encryption of data, documents, applications, services, communications, and drives
- Offer support for and use many encryption mechanisms, including SSL/TLS, IPsec, and AES
- Use BitLocker Drive Encryption on all drives that contain sensitive information
- Restrict staff access to sensitive data to those with explicit permission and HIPAA training
- Use the latest protocol TLS 1.1 or higher to provide a more secure environment and continue API and PCI compliance
Does Solera meet the healthcare standards required by law?
Summary: Solera Health meets the highest standards required by laws, and takes the steps needed to continue this.
To confirm that our services meet the highest standards, we:
- Don’t disclose customer data to any business, individual or government agency unless required by law
- Conform to HIPAA and HITRUST industry healthcare specific requirements with a comprehensive, compliance framework
- Routinely test our Infrastructure using third party security companies who have certified that it passes high security controls standards
- Perform sweeping third-party audits to confirm that Solera Health meets standards needed in new security controls
- Provide regular training to all employees to follow HIPAA and HITRUST practices in securing PHI data and finding and reporting security breaches
- Employ a dedicated Security Compliance Team that assess risk on all new business decisions using established policies to safeguard all stakeholders
For any questions regarding Data Security or Compliance processes involving Data Security, please contact Solera Health’s Compliance at: firstname.lastname@example.org