Why Privacy and Security of your Healthcare data matters to us

At Santeware, we are committed to respecting your data privacy and your concerns about product security. We also understand the importance of appropriate protection and management of any PHI (Protected Health Information) you might share with us. We have established this Privacy and Security Policy so that you can understand the care with which we intend to treat PHI, product and process insights. All of healthcare is heavily influenced by three letters: PHI (protected health information). For obvious reasons, the exchange of PHI is heavily regulated in an attempt to keep individual privacy intact and to keep out harmful actors. Understanding compliance requirements and implementing best practices is step one of any healthcare integration strategy.

At the most basic level, you must ensure 256-bit AES encryption of all databases and enforce HTTPS at the endpoint layer. If your solution requires VPNs, you must enforce the IPsec protocol so that all traffic within the VPN is encrypted and authenticated. Finally, you must have business processes in place that outline response and notification strategies in the event of a breach.

All staff members at Santeware are made aware of relevant external regulations as part of their induction and in an ongoing annual process, and all staff who may come into contact with PHI are trained in our PHI handling processes. Personal Information means any information that may be used to identify an individual or business, including, but not limited to, name, company name, postal address, e-mail address, phone number and product commentary.

HIPAA & PHI Compliance

Santeware maintains a documented information privacy, security and risk management program with clearly defined roles, responsibilities, policies, and procedures which are designed to secure any information at Santeware’s Platforms. Santeware’s program, at a minimum:

  • Assigns data security responsibilities and accountability to specific individuals.
  • Describes acceptable use of Customer’s Platform.
  • Enforces end user authentication requirements.
  • Describes audit logging and monitoring of customer production environments.
  • Describes appropriate risk management controls, security certifications and periodic risk assessments. Ongoing projects at Santeware receive annual internal HIPAA audits.
  • All employees of Santeware Healthcare Solutions receive annual HIPAA Business Associate training.

Security Awareness

Santeware’s security awareness program requires associates to participate in mandatory education and training activities related to their specific role. These activities are designed to maintain the effectiveness of Santeware’s security posture and include:

  • Continuing education campaigns
  • Annual security training
  • Localized security training
  • Targeted security bulletins

Background Checks

Santeware’s applicant background check process varies based on the candidate’s potential role and applicable law. To the extent allowed by applicable law, background checks consist of:

  • Employment history dating back ten years
  • Education verification (highest degree), as required based on role
  • Criminal search dating back seven years
  • Aadhaar card number verification

Subcontractors

Santeware requires subcontractors to assure the competency and eligibility of their employees who provide services to Santeware’s clients. Subcontractor personnel are required to complete background checks applicable to the services performed; such background checks must be at least as rigorous as the background checks Santeware requires for Santeware associates.

Certifications and Audits

Santeware regularly conducts internal assessments and undergoes external audits to examine the controls present within the Platform and operations and to validate that Santeware is operating effectively in accordance with its Security Program.

HIPAA – Health Insurance Portability and Accountability Act of 1996

Santeware has established and maintains the controls required for compliance with HIPAA (as amended by HITECH). HIPAA assessments (internal or external) take place on an annual basis and examine all appropriate corporate and client environments.

Changes to the Policy

This Privacy Policy is effective as of 6 June 2017. Santeware Healthcare Solutions reserves the right to make changes to this Privacy Policy. If changes are made, the revised policy will be posted here and will become effective once posted.

Frequently Asked Questions on our Privacy and Security standards and policies

At Santeware, we understand the importance of appropriate protection and management of any PHI (Protected Health Information) you might share with us. We have established this Privacy and Security Policy so that you can understand the care with which we intend to treat PHI, product and process insights. For obvious reasons, the exchange of PHI is heavily regulated in an attempt to keep individual privacy intact and to keep out harmful actors. To provide complete privacy and security of any identified or non-identified PHI, we have identified and documented multiple policies. They are:

  1. Security Risk Assessment Policy
  2. PHI Security Improvement Plan
  3. Patient Information Privacy Policy
  4. Continuous development of security-centric workflow processes
  5. HIPAA Training Policy
  6. Third-Party/Vendor PHI Compliance Policy
  7. Medical Data in the Cloud Policy
  8. Identification and definition of the roles and responsibilities of a security officer
  9. Privacy and Security Breach Incident Response Plan

At Santeware, we follow and recommend various measures to our clients before the commencement of any project in order to minimize or eliminate remote access to PHI. These include:

  1. Use of a business-grade firewall, which will usually have a built-in VPN.
  2. Multi-factor authentication on top of the standard single sign-on method.
  3. Disabling port 3389 (RDP) on all machines.
  4. Creation of RDP logs for periodic audits.
  5. Removal of RDP from critical devices.
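As an added example (not part of Santeware's policy or its own tooling), the PowerShell audit below checks a single Windows host against items 3 to 5 of the list: whether RDP is disabled, whether anything still listens on TCP 3389, and whether the Remote Desktop firewall rules are off, and it exports the RDP logon events an auditor would review. The 30-day window and the output path are assumptions.

```powershell
# Added example, not Santeware's code: audit one Windows host for the RDP controls above.
# Run in an elevated PowerShell session. The output path is a placeholder.
$report = [ordered]@{}

# Control 3: RDP disabled at the OS level (fDenyTSConnections = 1 means connections are denied).
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
$report['RdpDeniedInRegistry'] = ($ts.fDenyTSConnections -eq 1)

# Control 3/5: nothing should be listening on TCP 3389 on a device that must not offer RDP.
$listener = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
$report['Port3389Listening'] = [bool]$listener

# Control 3: the built-in "Remote Desktop" firewall rule group should be disabled.
$fwRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
$report['RdpFirewallRulesEnabled'] = @($fwRules | Where-Object { $_.Enabled -eq 'True' }).Count

# Control 4: RDP logon evidence for the periodic audit. LocalSessionManager event 21 is
# "session logon succeeded" and 25 is "session reconnection succeeded". Window is an assumption.
$since = (Get-Date).AddDays(-30)
$rdpEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
    Id        = 21, 25
    StartTime = $since
} -ErrorAction SilentlyContinue
$report['RdpLogonsLast30Days'] = @($rdpEvents).Count

# Keep each event (user and source address are in the message text) for the audit file.
$rdpEvents | ForEach-Object {
    [pscustomobject]@{
        Time    = $_.TimeCreated
        EventId = $_.Id
        Message = ($_.Message -replace '\s+', ' ')
    }
} | Export-Csv -Path 'C:\Audit\rdp-logons-PLACEHOLDER.csv' -NoTypeInformation

# Flag any control that is not in the expected state.
$findings = @()
if (-not $report['RdpDeniedInRegistry'])     { $findings += 'RDP is still enabled in the registry' }
if ($report['Port3389Listening'])             { $findings += 'A service is listening on TCP 3389' }
if ($report['RdpFirewallRulesEnabled'] -gt 0) { $findings += 'Remote Desktop firewall rules are enabled' }

[pscustomobject]$report | Format-List
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { 'RDP controls are in the expected state' }
```

A host that legitimately needs RDP (not a critical device) will show warnings here; the exported CSV is still the artifact to keep for the audit.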

We at Santeware take data breaches very seriously, and we strive to keep our environment and processes up to date to prevent them. However, if a data breach does occur, we have a documented process with clearly defined roles and responsibilities. Our process is divided into these five areas:

  1. Reporting of the breach
  2. Initial investigation to find and stop the breach
  3. Complete assessment and documentation
  4. Notification
  5. Complete security audit

We at Santeware have three main pillars for managing the physical aspect of security. They are:

Security Awareness

Santeware’s security awareness program requires associates to participate in mandatory education and training activities related to their specific role. These activities are designed to maintain the effectiveness of Santeware’s security posture and include:

  1. Continuing education campaigns
  2. Annual security training
  3. Localized security training
  4. Targeted security bulletins

Background Checks

Santeware’s applicant background check process varies based on the candidate’s potential role and applicable law. To the extent allowed by applicable law, background checks consist of:

  1. Employment history dating back ten years
  2. Education verification (highest degree), as required based on role
  3. Criminal search dating back seven years
  4. Aadhaar card number verification

Physical Safeguards

  1. Facility control (access cards, CCTV cameras and security guards)
  2. Workstation management (disabled drives, printers and Bluetooth connectivity)
  3. Restriction of mobile phones with cameras
  4. Inventory of hardware

All our employees are working from home due to the pandemic; however, every employee of Santeware has a company-provided laptop with approved software and controls in place. Employees are also mandated to connect via the secured Santeware network in order to access a client’s virtual machines, databases and file/folder structure.

We have also deployed security monitoring agents on the production and virtual machines that hold PHI and on production servers, to track and monitor any unauthorized access and security events.

Contact us to learn more about our security measures and confidentiality policies.
