Protecting patient data

Information is transferred via secure communication software that encrypts and uploads the patient data to CardioScan servers. The information is securely transferred over HTTPS using SHA-2 encryption.

External interfaces are limited to HTTPS (port 443). The service is protected from external threats by a web application firewall that blocks non-required ports and performs deep, packet-level inspection of all web traffic.

CardioScan’s BeatBox is a purely cloud platform and no information is stored on local machines or mobile devices. The platform is built as a multitenant structure with 5 levels of hierarchy which is segregated based on each level per user and can be controlled by either the Customer or CardioScan.

CardioScan’s AWS environment is architected as a multi-layered, highly-available and secure service. Transparent data encryption (TDE) is used to automatically encrypt data at rest in the database using a 256-bit AES encryption algorithm. Files stored in object stores are also encrypted at rest using AES-256 server-side encryption.

Data is stored in Amazon Web Services where physical security is maintained 24×7. This includes the controlling of physical data centre access to approved employees only and the monitoring and logging all activity through sophisticated surveillance and detection systems.

More information

Access to the BeatBox system is controlled through a user ID and password and a second authentication factor eg. Soft token if enabled for the user and organisation. The system uses role bases access control and a multi-layer organisational hierarchy to determine whether data is accessible to a user.  Within configuration BeatBox supports and can enforce the use of complex passwords, password expiry, password history, minimum password length, session timeout and maximum login attempt lockout.

The policy for retaining records is defined by customer. Records will be retained indefinitely or as per agreement. On request or as per agreement, CardioScan will delete the customer’s data from the BeatBox service and associated data stores as agreed. Data stored in AWS filesystems and object storage services will not be accessible once deleted and the reference to the data is removed.