ProCARE Portal

SECURITY STATEMENT

OVERVIEW

ProCARE Portal is the hosting platform designed and used by us to deliver ProCARE applications as a service. Each subscriber’s ProCARE applications are physically located on a server in a secure location at one of our data center partners. Our data center partners provide power, network and backup services. ProCARE Portal LLC owns and rents servers to power the ProCARE Portal platform. For servers that it owns, ProCARE is responsible for provisioning, monitoring, and managing the servers, and for providing support to ProCARE Portal subscribers. For servers that it rents from third party vendors, ProCARE monitors and manages the servers, in addition to providing support to ProCARE Portal subscribers.

DATA STORAGE

The ProCARE Portal platform was designed and optimized by us to host ProCARE Portal applications and has multiple levels of redundancy built in. The applications themselves run on separate software nodes than the nodes which store the data. Hardware failure of the compute node is recovered automatically. Application data is stored on a RAID 10 storage node and replicated to a secondary storage node every six hours. If the primary storage node has a problem or becomes unavailable, the applications can be switched over to the secondary storage node.

FACILITIES

Access to the data centers is limited to authorized personnel only. Physical security measures include on-site security and specialized electronic security systems that control access to the data center. To ensure maximum availability and performance, our data center partners provide redundant networks, uninterruptable cooling and power supplies, Tier-1 premium bandwidth and experts dedicated to monitoring network performance and security 24/7/365. In addition, our data centers are located in geographically diverse locations across the United States.

PEOPLE AND ACCESS

Our support team maintains an account on all ProCARE Portal systems and applications for the purposes of maintenance and support. This support team accesses hosted applications and data only for monitoring application health and performing system or application maintenance, and upon customer request via our support system. Within ProCARE Portal, only authorized employees have access to application data. Authentication is done via individually protected public keys and passwords, and the servers only accept incoming SSH connections from secure accounts. ProCARE Portal leverages strong user-authentication and role-based access controls. ProCARE Portal is designed to allow application data to be accessible only with appropriate credentials, such that one customer cannot access another customer’s data without explicit knowledge of that other customers’ login information. Customers are responsible for maintaining the security of their own login information.
Our support team and monitoring partners monitor the ProCARE Portal platform 24×7 from locations in the United States, Europe and Asia.

CERTIFICATION

To augment 3rd party application penetration testing we have performed, we have selected data center providers that maintain industry-standard certifications. Our data centers are SOC-2 SSAE-16 (formerly SAS 70) compliant. These certifications address physical security, system availability, network and IP backbone access, customer provisioning and problem management.

Backups

Application database backups for ProCARE Portal occur on the following frequencies: On-site backups are performed daily and retained for seven days. Weekly backups are taken weekly, which are then stored off-site and retained for twelve weeks. Monthly backups are also stored off-site and retained for 12 months. All electronic protected health information (PHI) backup data is encrypted.

HIPAA TECHNICAL REQUIREMENTS

ProCARE Portal is designed to be a secure and HIPAA compliant platform per the requirements documented on the following page. We continually review and upgrade to the latest and most secure technologies to ensure peace of mind for customers.