Home > Technology & Security
Our industry leading digital platform includes smart forms and technology that ensures all data is held securely and is easily accessible on any device.
The safety of your clients medical data is paramount. We understand that it is imperative to keep their information safe and secure. Our platform has been security assessed and we hold security accreditations with Australian insurance providers.
The platform is market leading and offers cutting-edge advanced technological capabilities.
Security aspects considered include:
- Fully compliant with CP230 and CP234
- Data Access
- Data Encryption
- Secure Transport
- Logging and Intrusion Detection
- Service Access & Application Roles
Smart Forms and Data Access
Our Platform includes Smart Form technology that enables a Smart Form to be sent instantly to a client or medical centre. The recipient can access the form on any device and can also sign the document using a digital signature. These are regularly used for obtaining Client Consent, completion of Medical examination forms during client appointments and by General Practitioners completing Medical Reports and during Telehealth consultations.
Our Smart Form Builder allows us to create a new Reflexive Smart Form from any existing forms that you currently use. As such, we can assist with sourcing any manner of information that you require.
Integrations
Health Predictions can receive requests for information (ie questionnaires) from the Decision Studio platform. We also have integrations with other platforms such as Xero and can easily integrate with, or for you, using open API.
From an end user perspective all data entities in the database and search indexes have a combination of a “scope path” (hierarchical) and tags attached. User access via UI or API all goes via the backend that filter the data according to user permissions. From an system perspective, the data is stored in DynamoDb, S3 and ElasticSearch and access from system components are governed by application roles.
Data Encryption
There are four different data storage instances per environment, all of them use encryption in transit and at rest at using Amazon KMS.
- DynamoDB tables for all current information except files.
- S3 bucket with all current files used in the application.
- S3 versioned bucket for backup of all data, the bucket is not accessible from the application. The only access is via the system admin account on AWS.
- ElasticSearch service containing a subset of the DynamoDB data for searching / analytics.
- All AWS data centres are located in NSW and Health Predictions is fully compliant with Data sovereignty.
User credentials for the application are stored in the database as salted PBKDF2 hashes.
Secure Transport
All communication outside the organisation is over HTTPS/TLS encrypted transport. HTTPS is terminated with at the load balancer and the current policy in use is ELB Security Policy TLS-1-1-2017-01 which only contains ciphers that are considered secure. We implement HTTP Strict Transport Security and our domain name is on the preloaded list to help prevent man in the middle attacks.
Logging and Intrusion Detection
All network traffic to our application is logged (sensitive credential and data masked/removed) and intrusion attempt detection is monitored by automatic CloudWatch alarms on those logs. Amazon WAF is also used to log and block network access from suspicious sources.
Service Access and Application Roles
All access to AWS services are done through application task roles with the least amount of privilege needed to perform their work. The roles are described in the AWS CloudFormation templates along with the rest of the infrastructure. As roles are used there is no need to store sensitive credentials. Access to the management console for Amazon is locked down with MFA and only key staff have access to the production account.
Vaccination Services
Health Predictions provide vaccination services to a broad range of workplaces. Influenza (Flu) vaccinating your team helps to protect your employees from ill health and demonstrates your care. Mass covid rapid testing can be conducted at the start of the work day too. Workplace vaccinations and rapid testing are effective in maintaining maximum work force attendance and reducing the spread of infectious illness.
Pharma Trials
Health Predictions Pharma supports pharmaceutical clinical trials and subjects by providing in-home nursing support leading to increased subject enrolment, participation and retention; which is key to successful outcomes. Our services are provided throughout Australia, New Zealand and South East Asia. Clinical Research teams; our partnership can enhance the success of your trial.
