PRIVACY + SECURITY
Vivlio Health is committed to safeguarding and protecting all clinical and administrative data we receive, transport, store, share or discuss. This is a promise we take seriously, and one that will always be a priority in how we conduct business and use the data and information we are entrusted with. We impose strict physical, technological and administrative safeguards to ensure we keep that promise. We use the most secure technology and partners available today, require rigorous employee training and enforce written policies to ensure full compliance with HIPAA and all Federal or State laws, and the legal, ethical and secure handling of clinical data and information.
We realize that clinical patient data is the most sensitive and personal information regarding a patient’s health. Safeguarding that data requires a multi-layered approach that includes: leveraging proven, world-class technology, on-boarding employees who have gone through rigorous training, and employing stringent authentication and login protocols for both clients and employees that leverage best-of-breed practices. To ensure our data, facilities and processes are safe, we will verify our environment using rigorous third-party verification.
Vivlio Health has selected best-of-breed technology partners that maintain the highest levels of security in the industry and are used by countless healthcare systems, health IT companies, and the US Federal Government. Our two core technology partners are Salesforce.com and Amazon Web Services.
Salesforce
Salesforce has implemented many safeguards and requirements outlined by the HIPAA Security Rule to secure and protect valuable information. Salesforce contributes to keeping ePHI secure in the Salesforce Services by implementing security safeguards that apply to all customers by default, such as:
- continually monitoring the services for security violations,
- encrypting all data in transit,
- storing user passwords in the SHA-256 one-way hash format,
- providing customer administrators with configurable tools to maintain strict password security policies which govern access,
- providing customer administrators with configurable tools to define user profiles and permission sets governing data visibility,
- providing customer administrators with configurable tools to define a companywide sharing model, a role hierarchy, and security rules governing data access.
Vivlio Health has acquired an added layer of security through Salesforce called Salesforce Shield. Designed for the healthcare community, Salesforce Shield offers the strongest layer of encryption and protection in the industry, providing a level of security leveraged by highly sensitive organizations like the Department of Defense, the EU-U.S. and Swiss-U.S. Privacy Shield framework, and hundreds of health IT companies domiciled in the United States that rely on the strength and security of the Force.com platform. Importantly, Vivlio Services powered by Salesforce are both HITRUST and SOC II certified. More information on Salesforce and Salesforce security and compliance can be found here: https://compliance.salesforce.com/en
We are powered and backed by Amazon Web Services (AWS) infrastructure and services.
The AWS cloud computing environment is highly secure and reliable, and is widely used across the healthcare industry. AWS customers leverage multiple AWS data centers and a network architected to protect highly sensitive healthcare information, identities, applications, and devices. With AWS, Vivlio clients exceed core security and compliance requirements, such as data locality, protection, and confidentiality. Importantly, AWS maintains top-tier healthcare certifications, including HITRUST and SOC II.
In conjunction with Vivlio’s other technology partners, Vivlio controls where our clients’ data is stored, who can access it, and what resources any health system is consuming at any given moment. Highly specific and targeted identity and access controls, combined with continuous monitoring for near real-time security information, ensure that the appropriate resources have the right access at all times.
Vivlio is vigilant about your privacy and the privacy of your patient community. With AWS, Vivlio is built on the most secure global infrastructure and maintains control of our clients’ data, including the ability to encrypt it, move it, and manage retention. All data flowing across the AWS network that interconnects its datacenters and regions is automatically encrypted at the physical layer before it leaves AWS’ secured facilities.
With Salesforce and AWS, Vivlio’s cloud-based application was built on high-performing, resilient, and efficient infrastructure. World-class security experts who monitor this infrastructure also build and maintain a broad selection of innovative and proprietary security services, which ensure Vivlio meets the rigorous privacy and security standards of the healthcare community.
Fault Tolerant
Vivlio Health is built using a serverless architecture so that there are no single points of failure. Vivlio Health is fully redundant across all of our data centers.
Disaster Recovery
Vivlio Health tests and maintains Disaster Recovery and Business Continuity plans to help ensure a high level of continuous service, even in the face of a geographical disaster. Backups are continuously mirrored to other AWS data centers in geographic locations.
Defense-in-depth
A good security strategy should never rely on just one thing, which is why Vivlio Health uses redundant layers of protection throughout our stack.
Data Stewardship
Your data in Vivlio Health belongs to you and your patients. Vivlio Health will never use your confidential information unless expressly permitted by you or your patients.
HIPAA Compliance
We have obtained strict HIPAA compliance based on audits, policies, procedures, training, and proper documentation.
To ensure full compliance with HIPAA, HITRUST and applicable Federal and State laws and regulations related to the use of protected clinical data and information, Vivlio Health uses a third-party assessment entity for verification that all clinical data and information is safe, secure, and only used as authorized.
Our third-party assessor ensures that we have the required policies, procedures, and safeguards in place to:
- maintain the safe and secure use of clinical data and information,
- identify and address potential breaches,
- have the necessary Business Associate Agreements (BAAs) in place,
- inform and educate all employees about HIPAA and the safe, private and secure handling of protected health data.