Why Privacy and Security of your Healthcare data matters to us

At Santeware, understand the importance of appropriate protection and management of any PHI (Protected Health Information) you might share with us. We have established this Privacy and Security Policy so that you can understand the care with which we intend to treat PHI/ Product/ Process insights. For obvious reasons, the exchange of PHI is heavily regulated in an attempt to keep individual privacy intact and prevent harmful actors by identification and documenting multiple policies in order to provide complete privacy and security of any identified or non identifies PHIs. They are:

1. Security Risk Assessment Policy
2. PHI Security Improvement Plan
3. Patient Information Privacy Policy
4. Continuous development of Security-Centric Workflow Processes
5. HIPAA training Policy
6. Third-Party/Vendor PHI Compliance Policy
7. Medical Data in the Cloud policy
8. Identification and defining the roles and responsibilities of a security officer
9. Privacy and Security Breach Incident Response Plan

Santeware maintains a documented information privacy, security and risk management program with clearly defined roles, responsibilities, policies, and procedures which are designed to secure any information at Santeware’s Platforms. Santeware’s program, at a minimum:

1. Assigns data security responsibilities and accountability to specific individuals.
2. Describes acceptable use of Customer’s Platform.
3. Enforces end user authentication requirements.
4. Describes audit logging and monitoring of customer production environments.
5. Describes appropriate risk management controls, security certifications and periodic risk assessments; Ongoing projects at Santeware receive annual internal HIPAA audits.
6. All employees of Santeware Healthcare Solution receive annual HIPAA Business Associate training.

At Santeware, We follow and recommend various measures to our clients before the commencement of any project in order to minimize/stop remote access to PHIs. These include:

1. Use of a business-grade firewall, it will usually have a built-in VPN.
2. Multi-factor authentication for the standard single sign-on method.
3. Disabling of all Port 3389 of all machines
4. Creation of RDP logs for periodic audits
5. Remove RDP from Critical Devices

We here at Santeware take Data breach very seriously, and we strive to keep our environment & process upto date to prevent data breach. However if Data breach do occur we have documented process with clear roles & responsibility defined. Our process are largely categorized into these 5 areas:

1. Reporting of Breach
2. Initial Investigation to find or stop breach
3. Complete Assessment & documentation
4. Notification
5. Perform Complete Security Audit

We here at Santeware have 3 main pillars for manage physical aspect of Security, they are:

Security Awareness

Santeware’s security awareness program requires associates to participate in mandatory education and training activities related to their specific role. These activities are designed to maintain the effectiveness of Santeware’s security posture and include:

1. Continuing education campaigns
2. Annual security training
3. Localized security training
4. Targeted security bulletins

Background Checks

Santeware’s applicant background check process varies based on the candidate’s potential role and applicable law. To the extent allowed by applicable law, background checks consist of:

1. Employment history dating back ten years
2. Education verification (highest degree), as required based on role
3. Criminal search dating back seven years
4. Aadhar card number verification

Physical Safeguards

1. Facility control (Access card, CCTV camera & Security guard)
2. Workstation management (Disable drives, printers & Bluetooth connectivity)
3. Restriction of Mobile with camera
4. Inventory of hardware

All our employees are working from home due to pandemic, however every employee of Santeware has company provided Laptop with approved software & controls available. Also, employees are mandated to connect via secured Santeware network to access or connect to client’s virtual machine, database, and file/folder structure.

Also, we have deployed security monitoring agents in PROD/Virtual machines which allows access of PHI and production servers to track and monitor any unauthorized accesses and security events.