TripleA
ANYPLACE ANYWHERE ANYTIME

O - AAA is Secure and both HIPAA and GDPR Compliant

 

 

Your data is secure before transmission, during transmission and when in storage.

Windows Phone is undoubtedly one of the most secure mobile platforms available (it has a FIPS-140-2 accreditation) Click here to download the security overview.

Despite this, we encrypt all data on the phone. For Windows 10 devices we will also take advantage of the 'Hello Windows' security features which can use iris and facial recognition. Your data is safe and always protected provided you secure it. Always set a  password and use a lock screen to protect your device and optionally use Bitlocker. It's free and comes with the phone.

Every single packet of data we send is encrypted with 256bit AES encryption (excluding your texts but including group chat AND E-Mails). AAA data is then only ever sent over an HTTPS connection. Data is 256bit AES encrypted on your device, during transmission and when stored in a HIPAA compliant data storage facility. We use SQL Server 'Always Encrypted' databases for storage. When you create a group and invite colleagues, we also use multi-factor security authentication and on top of this, we time limit the invitations. Despite this, we know that there is no 100% secure system. How secure is 256bit AES encryption (don't take our word for it) https://en.wikipedia.org/wiki/Brute-force_attack

"AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. Fifty supercomputers that could check a billion billion (1018) AES keys per second (if such a device could ever be made) would, in theory, require about 3×1051 years to exhaust the 256-bit key space."

We exceed HIPAA and HITECH requirements.

BUT we recognise that your institution may not permit the recording of personally identifiable data to be held on your personal device - Well - Don't - You are an intelligent human being and a dedicated professional and we know that you will use the tools at your disposal to deliver the service and duty of care you need to supply. AAA is just a means to help you deliver the care you need with technology - How you choose to use that technology is as always up to you.

 

GDPR

AAA fully complies with all GDPR requirements including HL7 data transfer. We have also documented procedures for individuals rights and 'lawful bases for processing'. Our software is blockchain based so every transaction is recorded and accountable. Data in AAA is protected by design and by default and our DPO has over 10 years experience in data compliance and protection in banking, marketing and healthcare.

 

 

As for storage, your data is ultimately held in a Microsoft data centre like the one in the picture below but we also hold an additional copy of your data in an identical Azure datacentre which is geographically remote (just in case). 

   

 

A copy of the Azure HIPAA compliance statement can be found here.

Maintaining datacenters at this level of security and fault tolerance is extremely expensive but due to the scale of Azure, the costs are drastically reduced and the technology is now wildly available.