Trust Center

​Purpose: This document details the steps we take to ensure the privacy and security of protected health information (PHI).  

How does Life365 keep protected health information safe and private?
 

Life365 ensures the safety of health information in digital storage; like a virtual, locked file cabinet. Life365 obeys all laws on securing protected health information and keeping it private.

The HIPAA Security Rule is the first set of national standards for protecting digital health information. The goal of this rule is to protect digital information that identifies an individual, while still allowing healthcare providers access to the information they need.

The HITECH Act gives more severe penalties for not protecting data. Life365 fully understands these rules and has added security to our digital storage of health information. This makes Life365 a leading Remote Patient Monitoring integrator in healthcare.

 
What does Life365 do with protected health information?
 

We understand that Protected Health Information (PHI) is personal and private, and we are dedicated to keeping PHI secure yet accessible as needed.

Life365’s has developed an exclusive Platform as a Service (PaaS) using Amazon Web Services (AWS). AWS is a secure cloud services platform, offering database storage, content delivery and other functionality to help scale and grow. Running web and application servers/services in the AWS cloud has never been more secure within the AWS architectural framework.

What technologies and practices does Life365 use to safeguard protected health information?

Life365 has years of experience building large scale software solutions and running secure online services using a robust set of security technologies and practices. To safeguard sensitive information, we:

  • Control identity and user role access to our cloud platforms, data, and applications and enable Multi-Factor Authentication (MFA) for more secure sign-in experience.
  • Defend against threats and malware on all our cloud services.
  • Enforce intrusion detection, intrusion protection, distributed denial-of-service (DDoS) attack prevention, extensive monitoring, encrypted key management, regular penetration testing and audits, and data analytics and machine learning tools to help mitigate threats to the Life365 systems.
  • Report all security breaches to law enforcement, partners, patients, and health companies, as required by law.
  • Provide updated employee training and implement new policies and improve security. Special attention and training is provided to our employees to ensure they are taking all possible steps to protect our systems and the PHI we receive or generate.
  • Encrypt all protected health information.
How does Life365 encrypt protected health information?

Life365’s platform encryption service protects data by using strong, certified standards. It does this while making every data field encryption-aware at the metadata layer, so that features that use encrypted fields still function. There is no reason to sacrifice usability for security within the Life365 platform.

The Life365’s AWS instance uses the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), known as AES-GCM, to encrypt raw data. The SDK supports 256-bit, 192-bit, and 128-bit encryption keys. The length of the initialization vector (IV) is always 12 bytes. The length of the authentication tag is always 16 bytes.

Life365’s security services and solutions are focused on delivering the following key strategic benefits critical to helping implement optimal security posture by following this security strategy: Prevent, Detect, Respond, and Remediate.


Does Life365 meet the healthcare standards required by law?

Life365 meets the highest standards required by laws, and takes the steps needed to continue this. To confirm that our services meet the highest standards, we:

  • Do not disclose customer data to any business, individual or government agency unless required by law.
  • Conform to HIPAA industry healthcare specific requirements with a comprehensive, compliance framework.
  • Routinely test our Infrastructure using third party security companies who have certified that it passes high security controls standards.
  • Perform sweeping third-party audits to confirm that Life365 meets standards needed in new security controls.
  • Employ a dedicated Security Compliance Team that assess risk on all new business decisions using established policies to safeguard all stakeholders.

For any questions regarding data security or compliance processes involving data security, please contact Life365’s compliance at: compliance@life365.health