Security
Security of electronic medical records
Ninsaude Apolo`s infrastructure is certified to comply with various standards and controls to ensure the safety of electronic medical records.
Keep your patients' confidential information safe.
Security
Ninsaude Apolo`s infrastructure is certified to comply with various standards and controls to ensure the safety of electronic medical records.
Keep your patients' confidential information safe.
Geographic location
Ninsaúde Apolo utilizes more than 30 data centers spread across South America, North America, Europe, Asia and the Pacific, and with this distribution we absorb distributed attacks.
End to End Security
We work with end-to-end security and Grid A quality encryption that protects data in transit from key Internet vulnerabilities.
High Availability
We use high-availability (HA) technology to keep services up and running even with hardware, software and power failures.
Encrypted Data
We use AES-256 encryption with symmetric keys that are also encrypted with master key stored in keystore. Additionally, the master key is changed regularly.
Our infrastructure is certified to comply with a variety of standards and controls, as well as independent third-party audits to test data protection, privacy, and security.
Data Encryption
Cloud platform services always encrypt client-stored content at rest without any action by the client, using one or more cryptographic mechanisms. These same policies and key management are adopted by Google and Gmail.
Data access
The application layers and storage stack of Ninsaude Apolo infrastructure require that requests received from other components be authenticated and authorized. The access of production administrative engineers to applications is also controlled.
Physical security
Data centers are equipped with custom electronic access cards, alarms, gates that control vehicle access, perimeter insulation, metal detectors, biometrics and laser intrusion detection system.
Deactivating damaged disks
After disabled from the system, hard drives with customer information go through a process of data destruction before being removed from the data center facilities. The data is deleted from the disks by authorized persons by a process approved by the Security Team.
Ask questions about security
If you use systems with end-to-end protection, yes. This protection is provided through data encryption before transmission, endpoint authentication and, finally, decryption and verification of data on arrival. Ninsaúde Apolo uses end-to-end protection and modifies the security keys, used to authenticate endpoints, every three months. However, it is computationally unviable to find out what the security keys are.
If you use your own infrastructure to store patient information, yes. Ransomware is a type of malicious code that makes data inaccessible on a computer and that requires ransom payment to re-establish access. Every 40 seconds a company is hit and the average redemption value is one thousand dollars. Ninsaúde Apolo uses protection against Ransomware attacks.
You must control the users' life cycle, authentications, access permissions and access monitoring. Ninsaúde Apolo allows you to control the life cycle of users, limit the lifetime of authentications to 15 minutes, configure access permissions for any screen, report and information, and monitor access by user, date, time, city, geographic location ( latitude and longitude) and IP address.
You need to define what data will be copied, frequency of the process, type of backup to be performed, storage location (tapes, HD or cloud), process evaluation metrics and employees involved in the process. Ninsaúde Apolo automatically performs backups every day.