In order to preserve the integrity of data that Visible Health stores, processes, or transmits for Customers, Visible Health implements intrusion detection tools and policies to proactively track and retroactively investigate unauthorized access.
Visible Health’s Business Associate Amazon Web Services (AWS) provides significant network protection for their dedicated services, which Visible Health uses. This is revealed in their documentation - page 11.
AWS utilizes a wide variety of automated monitoring systems to provide a high level of service performance and availability. AWS monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts.
Applicable Standards from the HITRUST Common Security Framework
- 09.ab - Monitoring System Use
- 06.e - Prevention of Misuse of Information
- 10.h - Control of Operational Software
Applicable Standards from the HIPAA Security Rule
- 164.312(b) - Audit Controls
Intrusion Detection Policy
- AWS provides significant protection against traditional network security issues including:
- Distributed Denial Of Service (DDoS) Attacks
- Man in the Middle (MITM) Attacks
- IP Spoofing
- Port Scanning
- Packet sniffing by other tenants.
- Tripwire monitors file system integrity and sends real time alerts when suspicious changes are made to the file system.
- All new firewall rules and configuration changes are reviewed before being pushed into production. All firewall and router rules are reviewed every quarter.
- Visible Health utilizes redundant firewall on network perimeters.