Privacy & Security

The privacy and security of patient health information is a top priority for PathHub. Statutory regulations, and good practices, require persons and organizations, including business associates, handling health information to have policies and security safeguards in place to protect patient health information. PathHub is committed to ensuring it, and its business associates, comply with all regulations in regards to the protection and confidential handling of protected health information.

PathHub meets its obligations by periodically reviewing its Compliance Policy and conducting audits for:

  • Security Risk Assessment 
  • Privacy Assessment
  • Administrative Assessment

 

 

Data Security & Integrity

 In summary all our client's data is hosted with:

  • Healthcare Secure Dedicated Data Servers
  • Firewalls
  • Data Encryption
  • Offsite Backups
  • Multi-tier Authentication
  • Private Hosted Environment
  • SSL Certificates
  • SSAE 18 Certificate
  • Business Associate Agreement

PathHub has multiple layers of protection, including encryption in transit between company servers and client’s devices, and at rest on servers, providing a reliable and stable infrastructure. Mandatory compliance with all statutory regulations both for PathHub and its associates, whilst standards such as the ISO 9000 are an assurance that systems and procedures are in place for effective process management.  It is to be noted that PathHub is a software platform with no input or ability to affect the healthcare decisions undertaken by its clients in regards to their patients, it is not a medical device and no feature or process of the software can affect the outcome of a patient’s treatment plan without the specific input from an authorized medical professional.

PathHub users are able to access data on the web using both computers and mobile devices with same high security for access.

Access

Security begins at the access point, with multi factor authentication and password control for validation. Forced password changes are implemented at manageable intervals. We are on constant vigil for data threat risks and update our authentication methods as any new technology becomes available.

Transit

Servers process files from an application, splitting each transmission into blocks, encrypting each block and synchronizing only blocks which have been modified between revisions. To protect data in transit PathHub uses secure Sockets Layer (SSL)/Transport Layer Security (TLS), creating a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.

Storage

Clients data is stored in encrypted blocks, and an additional layer of encryption is provided for all file blocks at rest. Files are encrypted using 356-bit Advanced Encryption Standard. Metadata is kept in its own storage separate from the blocks, this enables high performance and availability standards. PathHub has a subscriber-controlled feature for long term data whereby all patient identifier fields can be removed, leaving only the originating patient record numbers, this feature can go a long way towards diminishing for and risks associated with electronic PHI.

Perfect Forward secrecy

For modern browsers, we support perfect forward secrecy. By implementing perfect forward secrecy, we’ve made it so our private SSL key can't be used to decrypt past Internet traffic.

Data Servers

PathHub data is housed at fully compliant 24/7 managed and monitored dedicated servers located in the UK. Our server hosting partners have the highest standards and protocols for data safety and security, with both physical and virtual threat contingencies in place.

File Recovery

PathHub saves 30-day history and allows clients to restore for up to 30 days.

Security Audits

PathHub rigorously tests data security and protocols to identify any vulnerabilities, working with partners such as internet security experts and the data centers where our servers are hosted. 

Training

PathHub is committed to ongoing training with clients to ensure good data security practices do not lapse over time.


     

    ISO 9001:2015

    ISO is an independent, non-governmental international organization with a membership of 164 National-Standards Bodies.

    Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges.

    The ISO 9000 family addresses various aspects of quality management and contains some of ISO’s best known standards. The standards provide guidance and tools for companies and organizations who want to ensure that their products and services consistently meet customer’s requirements, and that quality is consistently improved.

    Uralensis Innov8 Ltd is certified for ISO 9001:2015. Certificate Number : SNR 31245739/98/Q Rev: 001. Certification date 21st July 2018.

    ISO 9001:2015 sets out the criteria for a quality management system and is the only standard in the family that can be certified to (although this is not a requirement). It can be used by any organization, large or small, regardless of its field of activity. In fact, there are over one million companies and organizations in over 170 countries certified to ISO 9001.

    This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. 

    Using ISO 9001:2015 helps ensure that customers get consistent, good quality products and services, which in turn brings many business benefits.

    Further information can be read at https://www.iso.org/