It is common knowledge that information, particularly patient information, is a much sought-after target of cybercriminals around the world. No country or business is truly immune to this ever-present threat. Consequently, management of our operations and our relationships is of paramount importance.
We at InvisALERT Solutions are aware of these facts and of the potential for our platform and our customers’ systems to be exposed to these assaults. From our earliest operations, we have designed and built our platform to embed features and components that will make the ObservSMART system secure in its operation. In this memorandum, we want to illustrate how we accomplish this, and through it, provide our customers and their data with a solid, reliable and secure platform.
ARCHITECTURE
We employ the best-practice approach of “secure in design, secure by default”. Our architects and developers are experienced in methods of secure design for our platform and its functionality. Together, they carefully plan how its modules will connect and interact, how the information will flow into, through and out of our system to its destination in our customers’ systems. This approach enables us to identify any weaknesses, gaps and single points of failure to ensure they are corrected.
Our system receives testing at all levels: each process, each module and the entire system. We do this to verify that our design process and our build and integration processes produce the secure system intended. We then create procedures that will ensure that operations keep it that way.
REGULATORY AND COMPLIANCE
Working exclusively in healthcare, we thoroughly understand the compliance requirements that must be met by our customers as well as our own. We ensure that these requirements are carefully researched and factored into our designs and operations. Our technical staff are thoroughly experienced in incorporating security of function with user-enabling operation to achieve the optimum balance of protection and performance.
The operational landscape in healthcare is very complex and highly regulated. To make sure we keep up with the continuous changes in the law and various rules, our Chief Information Security and Privacy Officer stays continuously in touch with the most reliable sources and authorities of current information in these areas. This makes certain that we know what is coming out, can study it and can prepare to adapt to the changes that come. Once the final version is published, identified changes are implemented and verified as correct.
RISK MANAGEMENT
We make every effort to be the strongest link in our customers’ supply chain. We accomplish that by creating a rigorous privacy and security program that includes carefully vetting our vendors and suppliers to ensure they emphasize these areas. We routinely train and inform our workforce members regarding best practices to ensure our own house is in order.
A foundational element of our program is the attainment of the industry’s most stringent privacy and security standard: the HITRUST r2® Certification. Using this as our baseline, we engage in industry-standard risk management methods to ensure we stay on top of current concerns and emerging threats, so that we are prepared to successfully defend against them if and when they occur.
OUR WORKFORCE MEMBERS
Of course, no program like this will succeed without ensuring those who make it work are as strong in their skills and knowledge as the technologies and practices they use to do it. We start by employing the best professionals with the right mixture of knowledge, qualifications and experience. Then we ensure they keep their skills sharp, their certifications up to date and their knowledge current through training and awareness events.
We make sure they have the understanding and commitment to our organization’s mission to provide state-of-the-art technology and service to our customers in support of their mission. By keeping them sharp and engaged in the customer success process, they appreciate the impact of their work and how they contribute to maintaining the high level of protection InvisALERT Solutions delivers to each customer.
THE INVISALERT SOLUTIONS PHILOSOPHY
We at InvisALERT Solutions believe that the more secure we are, the better our relationships with our customers will be. Treating the privacy and security of our customers’ information with the seriousness it requires will protect our customers and ourselves from these ever-present threats. And by keeping this supply chain secure, that strong protection ultimately extends to our mutual patients by keeping their information safe, trustworthy and only where it belongs.
This is a commitment we work hard to keep to every customer, all day, every day. We do whatever it takes to ensure that InvisALERT Solutions is the strongest link in our customers’ supply chains every day.
TO LEARN MORE
We strive to communicate clearly about the importance of strong protections over patient data and how our program is structured to achieve this. Whether you are a current customer or are considering adopting our technology to enhance your organization’s effectiveness, we welcome your inquiries and will be happy to answer your questions.
Please send an email to us at info@invisalertsolutions.com with either “Privacy” or “Security” in the subject line, and a member of our Privacy and Security staff will respond within 48 hours.
Ross A. Leo
FABCHS, CISSP, CCSFP, CDPSE, HCISPP, CCSA
Chief Information Security Officer (CISO)
Certified Data Privacy Solutions Engineer
Certified HITRUST CSF Practitioner
Certified Cybersecurity Architect