TriageLogic Security Summary
Triage Logic Management & Consulting, LLC. provides nurse triage software and services. We designed and developed a proprietary call center software platform. The software platform relies on the use of automation for its daily business and clinical processes, some of them involving electronic protected health information (ePHI). In order to stay in compliance with the HIPAA Security Regulation, we have established policies and procedures to safeguard ePHI within our systems.
Employees & Users
TriageLogic has a formal HIPAA Security and Compliance training program. All employees are required to complete the training program and pass an exam to prove their understanding of the policies. TriageLogic performs an annual detailed HIPAA Risk Assessment. We perform administrative, physical, and technical assessments of the entire company along with its systems, processes and workflows against the HIPAA Security Regulations. The methodology used to perform the HIPAA Risk Assessments is based on risk assessment concepts and processes described in NIST Special Publication (SP) 800-30 Revision 1.
TriageLogic’s call center software platform is hosted in enterprise-class data centers owned by HiVelocity Ventures Corporation. All systems are fully redundant across 2 of their data centers in Tampa and Atlanta. Both data centers are SSAE-16 SOC1 and SOC2 certified as well as HIPAA and PCI compliant. The servers are backed up regularly and patched quarterly. There are separate Development, Testing and Production environments for the applications.
Networks in both data centers are protected by managed Juniper/Cisco firewalls. Network traffic, including application traffic and VPN tunnels, is encrypted with SSL. The network and servers are also monitored by Avertium using AlienVault Cloud Software, which is a Security Information and Event Management (SIEM) platform and Intrusion Detection System (IDS). These systems are monitored 24/7 in the Security Operations Center (SOC).
Applications & Data
TriageLogic captures the least amount of ePHI required to provide effective triage information to patients and their providers. Data is encrypted during transit and at rest. Patient data is only stored on database servers and never on workstations or mobile devices. Multi-factor authentication (MFA) is required in order to access the data and applications in the software platform. If a provider requests that TriageLogic send patient information to them, it will only be provided over a secure connection. The applications are regularly scanned for vulnerabilities and misconfigurations and undergo automated penetration testing using Qualys Web Application Scanning (WAS) tools.
End User Requirements
TriageLogic software requires a fast internet connection and is built and tested using up-to-date Chrome and Edge Chromium browsers.