Security, Privacy and Compliance

Relax knowing your data is safe

Data-centric model; Zero-trust architecture

Granular segregation and policy enforcement with no “keys to the kingdom” and therefore no single points of compromise.

Strong yet flexible user access

Our platform supports OpenID Connect, SAML and multi-factor authentication, combined with fine-grained attribute-based authorization.

“Air-Gapped” environments meet short-lived processes

No direct administrative or broad network connectivity, such as VPN or SSH access, into production. Processes are short-lived and killed after use. This ensures a minimal persistent attack surface and makes production virtually impenetrable.

Watch everything, even the watchers

All environments are monitored, all events are logged, all alerts are analyzed, all assets are tracked. No privileged access without prior approval or full auditing. We even have multiple systems to “watch the watchers”.

Immutable builds

Infrastructure as code. Security scan of every build. Full traceability from code commit to production. “Hands-free” deployment ensures each build is free from human error or malicious contamination.

Usable security

All employees receive security awareness training not annually, but monthly. Combined with simplicity and usability, we ensure our security policies, processes, and procedures are followed without any need to get around them. No “Shadow IT”.

Need-based temporary access

Access to critical systems and resources is closed by default, granted on demand, and protected by strong multi-factor authentication.

Centralized and automated operations

API-driven cloud-native security fabric that centrally monitors security events, automates compliance audits, and orchestrates near real-time risk management and remediation.

End-to-end data protection

Data is safe both at rest and in transit, using strong encryption and key management.

Regulatory compliant and hacker verified

The LifeOmic Platform is fully compliant with HIPAA / HITECH and HITRUST CSF Certified. Verified by white-hat hackers.

LifeOmic Wins “Best Patient Data Security Solution” in MedTech Breakthrough Award Program

We believe every patient deserves to know that their sensitive health information is being handled with the utmost care and protection.

HITRUST Certification FAQs

Why is HITRUST certification important?
Jesse Kinser, CISO

If my cloud service provider is HITRUST certified, does that mean I am as well?
Adam Cole, Technical Director of Security Operations

Why did LifeOmic choose HITRUST over ISO certification?
Jesse Kinser, CISO

As a medical device company, can I provide my ISO 27001 certification in lieu of HITRUST?
Adam Cole, Technical Director of Security Operations

What is the process like to achieve HITRUST certification?
Adam Cole, Technical Director of Security Operations

What does it take to maintain HITRUST certification?
Adam Cole, Technical Director of Security Operations

Is the LifeOmic patient mobile app HITRUST certified? If not, why?
Jesse Kinser, CISO

How does the HITRUST certification of a third party apply to my business? If AWS and Azure are already HITRUST certified, why would I need my own?
Jesse Kinser, CISO

We are evaluating investment in the achievement of our own HITRUST certification. What should I be aware of? What will I need to invest?
Adam Cole, Technical Director of Security Operations


Check out our security FAQ

Learn about our HIPAA compliance

Report a security issue
