Privacy, Security, & HIPAA Compliance
We built the Sober Living App on our HIPAA-compliant platform.
The three components of a secure cloud software platform.
Computing Infrastructure
Application Design
Best Practices
INDUSTRY STANDARDS and BEST PRACTICES
We have implemented the recommendations of the National Institute of Standards and Technology (NIST) and the Federal Information Processing Standards (FIPS), so our data is encrypted at rest using AES with 256-bit keys.
We use the Elliptic Curve Digital Signature Algorithm (ECDSA) for the digital signatures in our cryptographic operations.
Transmitted PHI is encrypted using strong TLS ciphers (TLS is the successor to SSL) configured for perfect forward secrecy. Insecure TLS ciphers are disabled per NIST recommendations.
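The forward-secrecy property described above can be checked in code rather than taken on trust. The following is an added example, not code from the Sober Living App or its platform: it builds a server-side TLS context with an assumed cipher policy (the OpenSSL cipher string `FORWARD_SECRET_CIPHERS`), then audits every suite the context would offer and reports any that still use a non-ephemeral key exchange. The classification relies only on the suite name and protocol version reported by Python's `ssl` module.

```python
import ssl

# Assumed cipher policy (OpenSSL list syntax): only (EC)DHE key exchange with
# AEAD ciphers; anonymous, NULL, MD5, RC4 and 3DES suites are excluded.
FORWARD_SECRET_CIPHERS = (
    "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:"
    "!aNULL:!eNULL:!MD5:!RC4:!3DES"
)


def hardened_server_context():
    """Server-side TLS context that only offers forward-secret suites on TLS 1.2+."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # no SSL, no TLS 1.0/1.1
    ctx.set_ciphers(FORWARD_SECRET_CIPHERS)
    return ctx


def is_forward_secret(cipher):
    """Classify one entry from SSLContext.get_ciphers().

    Every TLS 1.3 suite uses an ephemeral (EC)DHE key exchange. For TLS 1.2 the
    OpenSSL suite name encodes the key exchange, so anything not starting with
    ECDHE- or DHE- (e.g. AES128-GCM-SHA256, which is static RSA) is rejected.
    """
    if cipher["protocol"] == "TLSv1.3":
        return True
    return cipher["name"].startswith(("ECDHE-", "DHE-"))


def non_forward_secret_ciphers(ctx):
    """Names of suites the context would still offer without forward secrecy."""
    return [c["name"] for c in ctx.get_ciphers() if not is_forward_secret(c)]


def audit(ctx):
    """Return (ok, offenders): ok is True when every offered suite is forward secret."""
    offenders = non_forward_secret_ciphers(ctx)
    return (not offenders, offenders)


if __name__ == "__main__":
    ok, offenders = audit(hardened_server_context())
    print("hardened context forward secret:", ok, offenders)
    # Permissive context for comparison: a static-RSA suite is left enabled.
    # AES128-GCM-SHA256 is assumed to be present in the local OpenSSL build.
    loose = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    loose.set_ciphers("ECDHE+AESGCM:AES128-GCM-SHA256")
    print("loose context offenders:", non_forward_secret_ciphers(loose))
```

Running `audit()` against the context a service actually uses (rather than the one constructed here) is a cheap regression check to put in a deployment pipeline: a configuration change that re-enables a static-RSA suite fails the check before it reaches production.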
Network access to virtual machines is inspected in real time and permanently logged.
Network traffic routed within each customer environment travels through an isolated, non-shared subnet.
SSH access to application environments is configured per the Center for Internet Security (CIS) benchmark recommendations.
Network traffic can be restricted to specific whitelisted IP addresses or VPN connections on a per environment basis.
Intrusion attempts are automatically identified and blocked on a per IP address basis for a significant duration of time, mitigating SSH dictionary attacks and other malicious behavior.
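The per-IP blocking described above is typically a sliding-window count over the SSH daemon's authentication log. The following is an added example, not code from the Sober Living App or its platform: it parses constructed sshd "Failed password" lines, bans a source address once it exceeds an assumed threshold (five failures within ten minutes) for an assumed duration (24 hours), and ignores further attempts from an address whose ban is still active, as a firewall drop rule would. The log excerpt and the IP addresses (documentation ranges) are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the "Failed password" line sshd writes to the auth log.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

# Constructed sample auth-log excerpt (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
Mar 10 02:14:07 app01 sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar 10 02:14:09 app01 sshd[2103]: Failed password for invalid user admin from 203.0.113.45 port 51024 ssh2
Mar 10 02:14:12 app01 sshd[2105]: Failed password for root from 203.0.113.45 port 51026 ssh2
Mar 10 02:14:15 app01 sshd[2107]: Failed password for root from 203.0.113.45 port 51028 ssh2
Mar 10 02:14:18 app01 sshd[2109]: Failed password for invalid user test from 203.0.113.45 port 51030 ssh2
Mar 10 02:15:01 app01 sshd[2111]: Accepted publickey for deploy from 198.51.100.7 port 40212 ssh2
Mar 10 02:20:33 app01 sshd[2115]: Failed password for deploy from 198.51.100.7 port 40220 ssh2
Mar 10 02:21:02 app01 sshd[2117]: Failed password for deploy from 198.51.100.7 port 40222 ssh2
Mar 10 02:30:00 app01 sshd[2120]: Failed password for root from 203.0.113.45 port 51040 ssh2
"""


def parse_failures(lines, year=2024):
    """Yield (timestamp, source_ip) for each failed password attempt.

    syslog timestamps carry no year, so the caller supplies one (assumed 2024 here).
    """
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if m is None:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"]


def find_bans(lines, max_failures=5, window=timedelta(minutes=10),
              ban_duration=timedelta(hours=24)):
    """Sliding-window detector: ban an IP after max_failures within `window`.

    Returns {ip: ban_expiry}. Attempts from an IP whose ban is still active are
    ignored, mirroring a firewall that drops that source for the ban duration.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    bans = {}
    for ts, ip in parse_failures(lines):
        if ip in bans and ts < bans[ip]:
            continue                          # still blocked, nothing to count
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:       # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            bans[ip] = ts + ban_duration
            q.clear()
    return bans


def ban_summary():
    """Run the detector over the constructed sample; return {ip: expiry as ISO string}."""
    return {ip: exp.isoformat()
            for ip, exp in find_bans(SAMPLE_LOG.splitlines()).items()}


if __name__ == "__main__":
    for ip, expiry in ban_summary().items():
        print(f"block {ip} until {expiry}")
```

On the sample, only 203.0.113.45 crosses the threshold (five failures in eleven seconds); 198.51.100.7 produces two failures and is left alone, and the later attempt from the banned address is not re-counted. The threshold, window and ban duration are tunables, and in practice the ban list feeds a firewall rule set rather than a dictionary.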
DATA STORAGE BUILT FOR PEACE OF MIND
Our software is hosted on the HIPAA-compliant cloud servers of Amazon Web Services.
All data stored in the Sober Living app is safe and recoverable, protecting customers against accidental loss or mistakes.
Database backups are encrypted and stored in a highly durable storage infrastructure (99.999999999% durability and 99.99% availability).
Disk volumes leverage a fault-tolerant, high-availability storage system.
Nightly snapshots create a backup of each disk volume.
For data integrity purposes, database backups run automatically on a consistent schedule with a sensible rotation and retention policy.
Monthly backups are retained for 6 years by default.
PLATFORM OPS SECURITY AND COMPLIANCE ROUTINES
Analysis of intrusion detection system data for anomalous activity and system issues
Regular scans of virtual machine filesystems for file integrity, malware, and rootkits
Audits of firewall rules and IP address whitelists
Maintenance of the base images for the Docker containers used in our platform
Review of published vulnerabilities and exposures
Security patching
Best Practices
HIPAA compliance requires a number of best practices to be established and maintained internally at your business.
We help you handle that by centralizing your information in the Sober Living App.
User Roles & Permissions
Access control to our system is managed through our user roles.
Each employee is assigned a user role when they are added, and that role's permissions govern what they can access.
See employees for more information.