Security and Privacy
At MedPass, security comes first. The safety of our platform and our customers is our top priority.
Enterprise Security
Endpoint Protection
Our company prioritizes the security and protection of our systems and data. We employ a multi-layered approach to endpoint security, utilizing a combination of antivirus/antimalware software, firewalls, patch management, data encryption, application whitelisting, and device control policies.
We continuously monitor and manage endpoint security measures to ensure effectiveness and responsiveness to evolving threats. Our dedicated security team conducts regular assessments, audits, and updates to maintain the integrity and robustness of our endpoint security infrastructure.
Vendor Security
MedPass adopts a risk-based strategy to assess vendor security, considering several factors when determining the inherent risk rating. These factors include the vendor’s access to customer and corporate data, integration within production environments, and potential impact on the MedPass brand. Following this assessment, vendor security undergoes rigorous evaluation to establish a residual risk rating and make an informed approval decision.
Secure Remote Access
MedPass ensures secure remote access to internal resources by utilizing OpenVPN, a cloud-based platform. Additionally, we employ malware-blocking DNS servers to safeguard employees and their endpoints during internet browsing.
Security Education
MedPass ensures robust security awareness among employees by providing comprehensive training upon onboarding and annually through educational modules on platforms such as Vanta and Riot. Our engineers undergo additional mandatory live sessions focusing on secure coding principles and practices.
Identity and Access Management
MedPass employs Multi-Factor Authentication (MFA) to enhance identity security by mandating multiple verification methods for accessing our systems and applications. Additionally, we utilize Vanta’s access management module to oversee and administer employee platform access.
Access to applications at MedPass is role-based, with employees granted permissions based on their job functions. When an employee’s tenure concludes, access rights are automatically revoked. Any additional access requests must adhere to the specific application’s approval policies established by our organization.
Penetration Testing
MedPass collaborates with a top-tier penetration testing consulting vendor on an annual basis to ensure the robustness of our security measures.
These assessments encompass all aspects of the MedPass product and cloud infrastructure. To facilitate comprehensive testing and maximize effectiveness, testers are granted full access to our source code.
Vulnerability Scanning
MedPass employs AWS services for ongoing monitoring of its cloud infrastructure, utilizing automated scanning and monitoring tools to proactively detect and resolve potential vulnerabilities. Additionally, Vanta facilitates automated vulnerability assessments, identifying security weaknesses across the IT infrastructure and offering actionable insights for remediation, thereby streamlining the vulnerability management process.
Data Protection
At MedPass, we uphold rigorous data security standards to protect data both at rest and in transit. For data at rest, we employ encryption techniques to render data unreadable to unauthorized individuals, coupled with stringent access controls to restrict access solely to authorized personnel. Additionally, regular data backups are conducted to ensure swift recovery in the event of unforeseen incidents. When data is in transit, we utilize robust encryption protocols such as TLS or SSL, alongside secure communication channels like HTTPS, to safeguard it from interception or tampering. While these measures aim to fortify data security, we continually monitor and update our practices to adapt to evolving threats, prioritizing the confidentiality and integrity of the information above all else.
Data Privacy
At MedPass, data privacy is a first-class priority - we strive to be trustworthy stewards of all sensitive data.
HITRUST certification
MedPass is HITRUST e1 certified, demonstrating our commitment to top-tier data security for our customers and partners.
Regulatory Compliance
We are committed to staying abreast of regulatory compliance updates and framework requirements to enhance our processes and services continually. Our dedication to staying current ensures that we maintain compliance with evolving standards, providing our customers with the highest level of service and trust.