VaxCare Corporation is committed to conducting business in compliance with all applicable laws and regulations. VaxCare has adopted Information Privacy and Security policies and procedures in accordance with HIPAA and HITRUST regulations, which outline the security measures required to protect electronic information systems and related equipment from unauthorized use.
The security of each of our Partner’s accounts and electronic Protected Health Information(ePHI) is of the utmost importance to VaxCare and we have gone above and beyond the standard security requirements to protect this data. VaxCare has attained a HITRUST Certification maturity score of 4+, which is above the Healthcare industry standard score of 3. VaxCare is dedicated to protecting information assets, personal data, and client information whenever and wherever they are created, processed, transmitted or stored.
The implementation of data privacy and information security safeguards and practices is managed through a centralized Compliance and Security Team. The mission of the Compliance and Security Team is to protect information assets, systems, and network from unauthorized collection, retention, use, disclosure, modification, or destruction.
Some of the technologies and practices VaxCare has implemented to protect our Partners and their information include the following:
Access to VaxCare systems and network is managed through comprehensive Access Control policies and procedures involving use of strong password requirements, user authorization, and authentication.
Sensitive data/ PHI is hosted in HIPAA/HITRUST compliant Azure cloud-based virtual servers, specially configured to be hardened against attacks and compliant with all regulations.
All VaxCare employees, temporary workers and subcontractors are required to receive Information Security and Privacy training at least on an annual basis.
VaxCare makes use of:
- HIPAA and HITRUST compliant encryption of our database. All PHI data is hashed/encrypted using SHA-512 and AES-256.
- HIPAA compliant hosting architecture on enterprise level cloud solution.
- Web pages and APIs are secured with 128-bit Secure Socket Layer encryption.
- Advanced key management and encryption.
- Application level monitoring and intrusion protection.
- Firewall management.
- Log retention.
- Managed and secure backup and disaster recovery.
- Version control and security updates.
- Credit card transactions (if applicable) processed using secure encryption on a PCI compliant network.
- Centralized and structured patching windows for all servers and workstations.
VaxCare secures information assets through the use of a managed and monitored data privacy and information security program. We understand the importance of taking the appropriate steps to safeguard information assets and is committed to protecting information relating to our Partners and their patients.
VaxCare aligns its information security and data privacy efforts with regulatory federal and state specific governance and best industry practices to provide a reliable and unified vision around the protection of information assets, personal data, and Partner information.
We subject our applications and systems to data privacy and information security risk analysis and review, which enable a consistent approach to risk mitigation and secure operation of data processing.
VaxCare makes use of several physical, technical, and administrative security measures to protect personal data within our network.
VaxCare provides assurance that third-party contracts contain provisions that are proportionate to our own policies, practices, and controls to ensure all data is managed properly and securely, in accordance with legal and regulatory requirements.