SLHC is committed to continuous improvement to ensure its Products incorporate state-of-the-art information technology privacy and security measures. We are committed to keeping all PHI (Protected Health Information) that is entrusted to us private and secure. We have instituted policies and procedures to ensure this data is kept confidential, including, but not limited to, the following:
Security is a top priority for SLHC, therefore, access to patient data is strictly enforced. All employees are required to sign a confidentiality agreement as a condition of their employment. Additionally, SLHC has initiated formal practices to assign appropriate personnel access to data, and actions are in place to govern the proper movement and handling of that data.
SLHC and its data center are physically secure. Access to the building and offices are all independently controlled via card access at each level, preventing walk-up intrusion, especially after hours. SLHC’s entire network infrastructure data center is in a secured and locked facility with a first-tier hosting provider that holds certifications such as SSAE 16 Type II SOC 1, 2 and 3, as well as SOC 27001. The hosting provider maintains security of the facility at all times and no one is permitted to enter the structure without proper access. Production hosting equipment is dedicated to our environment and is segmented from any other customer or providers. The primary hosting location is located in Chicago, Illinois and uses extensive data protection measures including redundant hardware. The secondary failover site is located in Fort Worth, Texas in an active/standby site that mirrors the primary site in case of disaster. It is hosted in a similar datacenter as the primary location.
To further protect sensitive data, SLHC enforces unique software architecture that includes user identifications, various database audit logging, data integrity systems and verified backups, entity authentication programs, digital certificates, and increasing measures to provide better data integrity and encryption.