Security safeguards

At Relaymed, privacy and security are our top priorities — not boxes to be checked during a once-a-year review. At each and every level of Relaymed, we foster a culture to make safeguarding patient data an integral part of what we do.

These efforts drive us to go beyond HIPAA compliance, which is why we are proud to be HITRUST certified. HITRUST is the most widely adopted security control certification in healthcare. A rigorous and challenging test, our commitment to HITRUST certification demonstrates to our customers and partners that data security is the highest priority at Relaymed.

Securing Relaymed

Given the nature of our product, our security safeguards cover data at rest and in transit.

• We’re hosted on Microsoft Azure and have a business associate agreement (BAA) in place with Microsoft.
• Data is only stored within the United States.
• Our entire database is encrypted with Microsoft’s Transparent Data Encryption technology. This helps protect against the threat of malicious offline activity by encrypting data at rest.
• The database encryption key is protected by a built-in server certificate. The built-in server certificate is unique and the encryption algorithm used is AES 256.
• We use enterprise-grade cloud security and compliance platforms. 
• We undergo multiple third-party audits yearly, including penetration testing with ethical hackers. This ensures any security issues are resolved before they have a chance to arise and that data is properly guarded.
• We store sensitive credentials as salted and hashed values for an additional layer of security.
• We use static code analysis to regularly scan our code base and find and address any security vulnerabilities.
• Between the Relaymed Software Agent and our cloud, and our cloud to EHRs, end-to-end encryption is done to secure all data transmitted over an HTTPS connection. Our SSL policy is to use TLS1.2 using Microsoft Azure recommended settings.
• Alternatively, where an EHR requires, traffic is encrypted via a secure VPN connection. We use an IPsec protocol to ensure all traffic within the VPN is encrypted and authenticated. The VPN is consistently monitored with a heartbeat to ensure the connection remains healthy.
• We build on highly available infrastructure components, including availability zones (AZs) to mitigate against any outage in one AZ. And of course in the event of any downtime, we have failover with minimal interruption. 
• And finally to ensure no test result is ever lost, we use Azure Service Bus to queue all messages. 

We know that technology changes and new threats emerge, so Relaymed is ever vigilant and committed to continually working on security enhancements as our infrastructure evolves.