Providing service and safety through a robust IT infrastructure

The systems powering our work and protecting yours

MedHealth Financial deploys protocols to ensure that the data is protected by outside parties whether payer, patient, provider or practice. Our security updates are deployed on all hosts using centralized management software.

MedHealth Financial staff are properly trained and follow all guidelines for HIPAA. There are three basic states of data: data at rest, data in motion and data in use.

All data at rest is encrypted on the storage attached network using AES-256. Encryption is on all of the datastores that our servers and desktops reside on.

The second phase is data in motion. All data traveling across networks from local to cloud, cloud to local, local to client, client to local is encrypted so it cannot be read or manipulated by any unauthorized user between the data’s source and destination location. Clients transmit data utilizing IPsec VPN tunnels, SFTP, and FTPS.

Data in use is the third phase. This is data that is being processed by one or more applications. This is data currently in the process of being generated, updated, appended or erased.

Data is protected through a three-layer backup process that includes daily backup and data storage at multiple Level 3 sites with firewalls, packet filtering, and geo filtering to protect against intrusion. Access to data is limited by groups and policies, with all successful and failed logins archived for audit purposes, and extensive processes to prevent data contamination. All these safeguards and more ensure that your data remains accurate and your patients’ privacy is protected.