Updox employs several tactics to protect information from theft, misuse, unauthorized access, disclosure, alteration, and destruction.
All Updox computer systems are protected by user authentication, firewalls, encryption, malware prevention, and intrusion detection. Protected health information is never stored on mobile devices.
During transmission, information is secured via Transport Layer Security (TLS) which encrypts the information and prevents eavesdropping and tampering.
Information is encrypted at rest and stored in data centers with layered access controls (FOB, PIN biometrics), anti-tailgating mantraps, access record retention, and closed circuit TV. The data centers are SOC1 (SSAE 16) and SOC2 Type 2 audited, HIPAA, PCI, IRS 1075, and Tier IV data center standards compliant. The data centers have been purpose-built with hardened single-story structures and fully redundant infrastructures to support the continuous operation of hosted mission critical assets. Facility design and construction provide assurance that operations are protected against unauthorized access, fire, floods, high winds, power outages, network issues and other hazards. For fire prevention the facilities are free of flammable materials, use Pre-Action pressurized air-dry pipes with two sensors required to release water, and are exempt from power off during a fire event. For flood prevention the facilities have raised floors, 20-inch cement-embedded exterior walls, dual roofs, and are located in a geographic high point outside of flood plains.
Updox does not store or process credit card information.
Updox undergoes an annual 3rd party security assessment and a bi-annual EHNAC accreditation that evaluates our security protocols.
All Updox employees undergo annual training on Updox security procedures as well as HIPAA Privacy and Security policies.
Contact Us: If you have any questions regarding this Security Statement, please contact us at firstname.lastname@example.org.