There are a number of steps we take to ensure you and those you have authorized are the only ones who can access your company’s data and that your privacy is respected.
All data is stored electronically in the United States (eastern and western regions) on the Azure App Services infrastructure. The database containing your data is only accessible from the application servers and no outside sources are allowed to connect to the database.
Data access and authentication
Only PHIflow engineers who require such access to perform their jobs efficiently are given access. Engineers are given different access rights on different system components based on job requirements. Engineers who do have access have their own credentials, and these are only valid when used from specific IPs with two-factor authentication.
Data access and backup
At PHIflow, we keep your data safe in the case of system failure. Our database supports point-in-time restore (PITR) by creating full backups weekly, differential backups every 12 hours, and transaction log backups every 5-10 minutes, with the frequency based on the performance level and amount of database activity. The PITR backups are geo-redundant and protected by Azure Storage cross-regional replication.
Architecture & Security
Data in transit is encrypted and authenticated using TLS 1.2, with ECDHE_RSA key exchange on P-256 and the AES_256_GCM cipher. The web application firewall (WAF) provides centralized protection from common exploits and vulnerabilities. Intrusion protection system (IPS) software is in place as a second layer of security and will block access as soon as any suspicious login activity is detected.
PHIflow is a data and technology company combining artificial intelligence and legal expertise to help companies understand their HIPAA Business Associate Agreement (BAA) risks and requirements.