Clearwater Safeguards your Sensitive Compliance Information in their Software-as-a-Service Solutions

Clearwater Compliance LLC maintains the highest standards for the Confidentiality, Integrity and Availability of your sensitive compliance information in their assessment and analysis tools. As a Software-as-a-Service Provider, our software and Rackspace hosting center comply with the highest safeguards. The following are the controls and safeguards in place for the Clearwater HIPAA Risk Analysis™ and the Clearwater HIPAA Security Assessment™ Software:

  • All data is transmitted securely over an encrypted SSL/TLS connection. TLS is an acronym for Transport Layer Security, a feature of servers designed to secure the transmission of messages from one server to another using encryption technology. TLS can reduce the risk of eavesdropping, tampering, and message forgery in communications. The TLS security protocol is published by the Internet Engineering Task Force (IETF).
  • The networking and security teams working in the Rackspace data centers must be certified. It is also required that they be thoroughly experienced in managing and monitoring enterprise-level networks.
  • Robust encryption is used on all passwords that provide access to the software.
  • The latest server hardening, firewall, and intrusion detection systems are in place to protect the data center from cyber attacks.
  • A process of Risk Management and regular and thorough Risk Analysis are in place and ongoing.
  • Only fully redundant, enterprise-class routing equipment is used.
  • Keycard protocols, biometric scanning protocols and round-the-clock interior and exterior surveillance monitors safeguard access to the data center.  Only authorized data center personnel are granted access credentials to the Rackspace data centers. No one else can enter the production area of the datacenter without prior clearance and an appropriate escort.
  • Every data center employee undergoes multiple and thorough background security checks before they’re hired.

Our Business Continuity and Data Backup and Recovery programs provide the highest level of availability and integrity of your information:

  • Customer data is backed up every 15 minutes to a separate remote location.
  • In the event of catastrophic system failure or data loss at the primary site, the software and customer information can be returned to operations in under one hour in most circumstances.
  • The Rackspace data center’s HVAC (Heating, Ventilation, and Air Conditioning) system is N+1 redundant. This ensures that a duplicate system immediately comes online should there be an HVAC system failure.
  • The data center’s advanced fire suppression systems are designed to stop fires from spreading in the unlikely event one should occur.
  • Should a total utility power outage ever occur, the Rackspace data center’s power systems are designed to run uninterrupted, with every server receiving conditioned UPS (Uninterruptible Power Supply) power. Our UPS power subsystem is N+1 redundant, with instantaneous failover if the primary UPS fails.

To report an incident or a concern, or for additional information, please contact Mary Chaput, our Compliance Officer.

 

Jon Stone

VP of Product Innovation at Clearwater Compliance
Jon has a unique breadth of experience with a combined 25 years’ experience in healthcare, working in the provider, payer and healthcare quality improvement fields. For the last 15 years Jon has provided strategic leadership for compliance and healthcare technology projects involving the most sensitive ePHI for companies such as CIGNA, Healthways and Ingenix. He is Clearwater’s VP of Product Innovation, and helps provide HIPAA Security and Privacy SaaS (Software as a Service) for the healthcare industry.