Security of electronic medical records

Ninsaúde Apolo's infrastructure is certified to comply with various standards and controls to ensure the safety of electronic medical records.

Security

Enhanced protection


Keep your patients' confidential information safe.


Geographic location

Ninsaúde Apolo uses more than 30 data centers spread across South America, North America, Europe, Asia and the Pacific, and this distribution lets us absorb distributed attacks.

End to End Security

We work with end-to-end security and Grade A quality encryption that protects data in transit from key Internet vulnerabilities.

High Availability

We use high-availability (HA) technology to keep services up and running even during hardware, software and power failures.

Encrypted Data

We use AES-256 encryption with symmetric keys that are themselves encrypted with a master key stored in a keystore. Additionally, the master key is changed regularly.


Compliance and certifications

Our infrastructure is certified to comply with a variety of standards and controls, and undergoes independent third-party audits that test data protection, privacy, and security.




Security certifications: ISO 27001, ISO 27017, AICPA SOC, ISAE 3402, AICPA SOC 3, SSAE 15

Protection and use of data: HIPAA, ISO 27018, PCI DSS, Privacy Shield

Technical info

Data Encryption

Cloud platform services always encrypt client-stored content at rest, without any action by the client, using one or more cryptographic mechanisms. The same policies and key management are used by Google and Gmail.

Data access

The application layers and storage stack of Ninsaúde Apolo's infrastructure require that requests received from other components be authenticated and authorized. Access to applications by production administrative engineers is also controlled.

Physical security

Data centers are equipped with custom electronic access cards, alarms, gates that control vehicle access, perimeter isolation, metal detectors, biometrics and a laser intrusion detection system.

Deactivating damaged disks

After being disabled from the system, hard drives with customer information go through a data destruction process before being removed from the data center facilities. The data is deleted from the disks by authorized persons using a process approved by the Security Team.


Tips for keeping your patient data safe

Ask questions about security

Is my patient's information secure on my clinic's Wi-Fi network?

If you use systems with end-to-end protection, yes. This protection is provided by encrypting data before transmission, authenticating the endpoints and, finally, decrypting and verifying the data on arrival. Ninsaúde Apolo uses end-to-end protection and changes the security keys used to authenticate endpoints every three months. In any case, it is computationally infeasible to find out what the security keys are.

Can my clinic fall victim to a Ransomware attack?

If you use your own infrastructure to store patient information, yes. Ransomware is a type of malicious code that makes the data on a computer inaccessible and demands a ransom payment to restore access. Every 40 seconds a company is hit, and the average ransom amount is one thousand dollars. Ninsaúde Apolo uses protection against ransomware attacks.

How can I prevent former employees at my clinic from leaking information?

You must control the user life cycle, authentication and access permissions, and monitor access. Ninsaúde Apolo allows you to control the life cycle of users, limit the lifetime of authentications to 15 minutes, configure access permissions for any screen, report and piece of information, and monitor access by user, date, time, city, geographic location (latitude and longitude) and IP address.
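The kind of review this answer describes, as an added example (not Ninsaúde Apolo's code): it checks access records against a user life-cycle table and the 15-minute authentication lifetime. The record layout, the user names, the `auth_issued` field and all sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

AUTH_LIFETIME = timedelta(minutes=15)  # authentication lifetime named in the text

# Constructed user life-cycle table: user -> deactivation time (None = active).
USERS = {
    "dr.alice": None,
    "reception.bob": datetime(2024, 3, 1, 18, 0),  # left the clinic
}

def rec(user, at, auth_issued, city, geo, ip):
    """Build one access record with the monitored fields listed in the text."""
    return {"user": user, "at": at, "auth_issued": auth_issued,
            "city": city, "geo": geo, "ip": ip}

# Constructed sample log; IPs are from documentation ranges (RFC 5737).
ACCESS_LOG = [
    rec("dr.alice", datetime(2024, 3, 4, 9, 0), datetime(2024, 3, 4, 8, 50),
        "Florianopolis", (-27.59, -48.55), "198.51.100.10"),
    rec("dr.alice", datetime(2024, 3, 4, 9, 20), datetime(2024, 3, 4, 8, 50),
        "Florianopolis", (-27.59, -48.55), "198.51.100.10"),
    rec("reception.bob", datetime(2024, 3, 1, 17, 30), datetime(2024, 3, 1, 17, 25),
        "Florianopolis", (-27.59, -48.55), "198.51.100.11"),
    rec("reception.bob", datetime(2024, 3, 2, 10, 0), datetime(2024, 3, 2, 9, 55),
        "Curitiba", (-25.43, -49.27), "203.0.113.7"),
    rec("temp.carol", datetime(2024, 3, 4, 11, 0), datetime(2024, 3, 4, 10, 58),
        "Curitiba", (-25.43, -49.27), "203.0.113.8"),
]

def audit(log, users, lifetime=AUTH_LIFETIME):
    """Return (finding, record) pairs for accesses that break the policy."""
    findings = []
    for r in log:
        if r["user"] not in users:
            # Account was never provisioned or is missing from the table.
            findings.append(("unknown_user", r))
            continue
        deactivated = users[r["user"]]
        if deactivated is not None and r["at"] >= deactivated:
            findings.append(("access_after_deactivation", r))
        age = r["at"] - r["auth_issued"]
        if age > lifetime or age < timedelta(0):
            # Older than the allowed lifetime, or issued "in the future".
            findings.append(("stale_authentication", r))
    return findings

if __name__ == "__main__":
    for kind, r in audit(ACCESS_LOG, USERS):
        print(kind, r["user"], r["at"].isoformat(), r["city"], r["ip"])
```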

How do I maintain a backup policy at my clinic?

You need to define what data will be copied, how often the process runs, the type of backup to be performed, the storage location (tapes, hard disk or cloud), the metrics for evaluating the process and the employees involved in it. Ninsaúde Apolo automatically performs backups every day.