Security & Trust
Our Mission
Net Health takes the utmost care to properly secure and protect customer data through policy implementation, robust technical controls and external compliance assessments. Our defense in depth process is centered on continuous improvement: we recognize cybersecurity is not a one-time achievement, but rather an ongoing process that requires regular attention and investment.
System Status
Net Health employs many security controls, including:
- Advanced encryption to protect data in transit and at rest
- 24/7/365 monitoring by our Security Operations Center (SOC)
- SOC2 and HITRUST audits to document compliance with our policies
- Annual security training for all employees and contractors
- DevSecOps principles to ensure application software security
- Wall-to-wall industry-leading Endpoint Detection and Response (EDR) solution
- Penetration testing by a third party to verify control effectiveness
- Identity and Access Management controls paired with Multi-Factor Authentication (MFA)
- Anti-Spam/Anti-Phishing/Anti-Malware protection on corporate email systems
- Infrastructure as Code (IaC) to reduce or eliminate errors in infrastructure
Privacy
As a trusted healthcare provider, we recognize the importance of upholding the confidentiality, integrity, and availability of personal health information (PHI) in accordance with applicable federal and state regulations.
HIPAA/Compliance
All Net Health employees are required to comply with state and federal laws regarding the safeguarding of Protected Health Information (PHI) and customer data, including HIPAA regulations. All PHI is stored on centralized databases and storage on local devices is prohibited. A robust reporting structure ensures that all incidents are managed quickly and effectively.