Security, Privacy and Compliance
Relax knowing your data is safe
Data-centric model; Zero-trust architecture
Granular segregation and policy enforcements with no “keys to the kingdom” and therefore no single points of compromise.
Strong yet flexible user access
Our platform supports OpenID Connect, SAML and multi-factor authentication, combined with fine-grain attribute-based authorization.
“Air-Gapped” environments meet short-lived processes
No direct administrative or broad network connectivity, such as VPN or SSH access, into production. Processes are short-lived and killed after use. This ensures minimal persistent attack surface and makes it virtually impenetrable.
Watch everything, even the watchers
All environments are monitored, all events are logged, all alerts are analyzed, all assets are tracked. No privileged access without prior approval or full auditing. We even have multiple systems to “watch the watchers’.
Immutable builds
Infrastructure as code. Security scan of every build. Full traceability from code commit to production. “Hands-free” deployment ensures each build is free from human error or malicious contamination.
Usable security
All employees receive security awareness training not annually, but monthly. Combined with simplicity and usability, we ensure our security policies, processes, and procedures are followed without any need to get around them. No “Shadow IT”.
Need-based temporary access
Access to critical systems and resources are closed by default, granted on demand, and protected by strong multi-factor authentication.
Centralized and automated operations
API-driven cloud-native security fabric that centrally monitors security events, automates compliance audits, and orchestrates near real-time risk management and remediation.
End-to-end data protection
Data is safe both at rest and in transit, using strong encryption and key management.
Regulatory compliant and hacker verified
The LifeOmic Platform is fully compliant with HIPAA / HITECH and HITRUST CSF Certified. Verified by white-hat hackers.
LifeOmic Wins “Best Patient Data Security Solution” in MedTech Breakthrough Award Program
We believe every patient deserves to know that their sensitive health information is being handled with the utmost care and protection.
HITRUST Certification FAQs
Why is HITRUST certification important?
Jesse Kinser, CISO
If my cloud service provider is HITRUST certified, does that mean I am as well?
Adam Cole, Technical Director of Security Operations
Why did LifeOmic choose HITRUST over ISO certification?
Jesse Kinser, CISO
As a medical device company, can I provide my ISO 27001 certification in lieu of HITRUST?
Adam Cole, Technical Director of Security Operations
What is the process like to achieve HITRUST certification?
Adam Cole, Technical Director of Security Operations
What does it take to maintain HITRUST certification?
Adam Cole, Technical Director of Security Operations
Is the LifeOmic patient mobile app HITRUST certified? If not, why?
Jesse Kinser, CISO
How does the HITRUST certification of a third party apply to my business? If AWS and Azure are already HITRUST certified, why would I need my own?
Jesse Kinser, CISO
We are evaluating investment in the achievement of our own HITRUST certification. What should I be aware of? What will I need to invest?
Adam Cole, Technical Director of Security Operations