Security & Privacy

 

At Mobile Heartbeat, we are passionate about improving clinical processes through the use of technology. We are also aware that the protection and privacy of information are non-negotiable requirements. Everyone is part of the InfoSec team and is conscious that:

  • Our cyber behaviors matter downstream to our customers and to the communities that they serve

  • Our position in the healthcare supply chain demands strong defense against information security threats

InfoSec Core Objectives

The InfoSec Program at Mobile Heartbeat has three core objectives:

 

[Image: InfoSec Core Objectives]

Our InfoSec program aims to secure our technology and our customers’ data.

Banyan Security Tenets

Our Security Philosophy and Vision for Banyan

We appreciate that our customers involve Mobile Heartbeat as part of their technology-enhanced clinical collaboration processes, so we are dedicated to building the industry’s most trusted unified clinical communication platform. Our cloud offering, Banyan, is managed, standardized, and tested to meet customers’ demand for trust.

Guided by industry best practices and regulatory requirements, security and privacy are embedded into the fabric of Banyan across all layers, from platform to application.

Security + Privacy by Design and in Operations

  • Information security risk assessments

  • Security review of technical designs and architectures

  • Logical segregation of customer data

  • Authentication and role-based access control for least-privilege access

  • Just-in-Time privileged access

  • Data encryption in transit and at rest

  • Vulnerability and threat management

  • Security logging and monitoring

  • Platform and application penetration tests by external, independent vendors

HIPAA Privacy and Security Rule Standards

  • Focus area in the risk assessment process

  • Active monitoring of compliance

  • Workforce training and awareness

  • PHI handling guidance for the workforce

Resilient

  • Presence in multiple US regions for redundancy

  • Segmented architecture based on the hub-and-spoke model

  • Infrastructure as Code and containerized app for easy recovery

  • Security Incident Response exercises

Built Through Secure Development Program

  • InfoSec sign off on design

  • Threat Modeling

  • Security testing on the CI/CD pipeline

    Static Code Security Testing (SAST)

    Secret Scanning

    Software Composition Analysis (Dependency check)

  • Security testing off the CI/CD pipeline

    Dynamic Application Security Testing (DAST)

    Penetration Testing by 3rd parties

Contact Info

If you have any questions or inquiries about Mobile Heartbeat’s information security program, please contact infosec@mobileheartbeat.com

 

Responsible Disclosure