Vivlio Health is committed to safeguarding and protecting all clinical and administrative data we receive, transport, store, share or discuss. Our promise to do this is one we take conscientiously and will always be a priority in every way we conduct business and use the data and information we are entrusted with. We impose strict physical, technological and administrative safeguards to maintain and ensure we keep our promise. We use the most secure technology and partners available today, require rigorous employee training and enforce written policies to ensure full compliance with HIPAA and all Federal or State laws to ensure the legal, ethical and secure handling of clinical data and information.
We realize that clinical patient data is the most sensitive and personal information regarding a patient’s health. Safeguarding that data requires a multi-layered approach and includes: leveraging proven, world class technology, on-boarding employees that have gone through rigorous training, and employing stringent authentication and log in protocols for both clients and employees that leverage best in breed practices. To ensure our data, facilities and processes are safe, we will ensure and verify our safe environment using rigorous third-party verification.
Vivlio Health has selected best of breed technology partners that maintain the highest levels of security in the industry and are used by countless healthcare systems, health IT companies, and the US Federal Government including Amazon Web Services.
We are powered and backed by Amazon Web Services (AWS) infrastructure and services.
AWS cloud computing environment is highly secure, reliable and is widely used across the healthcare industry. AWS customers leverage multiple AWS data centers and a network architected to protect highly sensitive healthcare information, identities, applications, and devices. With AWS, Vivlio clients exceed core security and compliance requirements, such as data locality, protection, and confidentiality. Importantly, AWS maintains top tier healthcare certifications, including HiTrust and SOC II.
In conjunction with Vivlio’s other technology partners, Vivlio controls where our clients’ data is stored, who can access it, and what resources any health system is consuming at any given moment. Highly specific and targeted identity and access controls combined with continuous monitoring for near real-time security information ensures that the appropriate resources have the right access at all times.
Vivlio is vigilant about your privacy and the privacy of your patient community. With AWS, Vivlio is built on the most secure global infrastructure, maintains controls of our clients’ data, including the ability to encrypt it, move it, and manage retention. All data flowing across the AWS network that interconnects its datacenters and regions is automatically encrypted at the physical layer before it leaves AWS’ secured facilities.
With AWS, Vivlio’s cloud-based application was built on high-performing, resilient, and efficient infrastructure. World-class security experts who monitor this infrastructure also build and maintain a broad selection of innovative and proprietary security services, which ensure Vivlio meets the rigorous privacy and security standards of the healthcare community.
Vivlio Health is built using a serverless architecture so that there are no single points of failure. Vivlio Health is fully redundant across all of our data centers.
Vivlio Health tests and maintains Disaster Recovery and Business Continuity plans to help ensure a high level of continuous service, even in the face of a geographical disaster. Backups are continuously mirrored to other AWS data centers in geographic locations.
A good security strategy should never rely on just one thing, which is why Vivlio Health uses redundant layers of protection throughout our stack.
Your data in Vivlio Health belongs to you and your patients. Vivlio Health will never use your confidential information unless expressly permitted by you or your patients.
We have obtained strict HIPAA Compliance based on Audits, policies, procedures, training, and proper documentation.
To ensure full compliance with HIPAA, HITRUST and applicable Federal and State laws and regulations related to the use of protected clinical data and information, Vivlio Health uses a third-party assessment entity for verification that all clinical data and information is safe, secure, and only used as authorized.
Our third-party assessor ensures that we have the required policies, procedures, and safeguards in place to:
- maintain the safe and secure use of clinical data and information,
- identify and address potential breaches,
- have the necessary Business Associate Agreements (BAAs) in place,
- inform and educate all employees about HIPAA and the safe, private and secure handling of protected health data.