
Data Sheet: Provider Data Management - Commitment to Security and Data Protection

According to a 2024 HealthEdge survey of payer executives, 46% of respondents listed security as their highest priority when considering technology and data transformation in 2025.


According to a 2024 HealthEdge survey, 46% of payer executives identified security as their highest priority when approaching technology and data transformation for 2025. As health plans modernize to build scalable experiences and processes, selecting partners that integrate privacy and security into their product design is a critical mandate.

HealthEdge’s Provider Data Management ecosystem addresses this need through a "security-first" approach. This strategy identifies risks to information systems, implements robust security measures, and establishes rigorous processes for the responsible handling of healthcare data. By prioritizing Provider Data Management security, HealthEdge ensures that sensitive member and provider data remains confidential, secure, and compliant.

HealthEdge employs a multi-layered security strategy to safeguard critical infrastructure and data assets.

1. Operational and Software Security

To ensure business continuity and system integrity, HealthEdge implements rigorous protocols:

  • Incident Response: Standardized procedures for business continuity and disaster recovery to guide response teams through disruptive events.
  • Third-Party Risk Management: Rigorous scrutiny of all externally developed tools and service providers.
  • Vulnerability Management: Annual third-party penetration testing, static (SAST) and dynamic (DAST) application security scanning, and proactive risk assessment of all product changes.
  • Change Management: Strict deployment approvals and code peer reviews to ensure quality and security-by-design.

2. Personnel and Endpoint Protection

Workforce security hygiene is maintained through a combination of technology and education:

  • Role-Based Training: All workforce members undergo role-based security training and background checks.
  • SAFE Program: The "Security Awareness For Everyone" program includes phishing simulations, alerts, and educational resources.
  • Endpoint Defense: Deployment of Endpoint Detection and Response (EDR), malware protection, and data loss prevention (DLP) across all workstations.

3. Data Encryption and Privacy

HealthEdge ensures data integrity through advanced encryption standards:

  • Encryption at Rest: All sensitive data is encrypted to AES-256 strength, with backups using FIPS 140-2 validated suites.
  • Encryption in Transit: Web-based traffic, including Provider Data Management public APIs, is encrypted using at least TLS 1.2.
  • Access Control: Utilization of Role-Based Access Control (RBAC), Single Sign-On (SSO), and Multi-Factor Authentication (MFA) to enforce least-privilege access.

4. Infrastructure and Compliance

The Provider Data Management platform is built on fault-tolerant infrastructure designed for high availability and compliance:

  • Hosting: Customer data is hosted on Microsoft Azure in the United States with logical and physical separation of customer instances.
  • Defense Systems: Implementation of Web Application Firewalls (WAF) and Security Information and Event Management (SIEM) systems for real-time visibility and response.
  • Certifications: HealthEdge maintains SOC 2 Type 2 and HITRUST certifications, validating its commitment to security, availability, confidentiality, and privacy.

By integrating these security measures, HealthEdge Provider Data Management serves as a single source of truth, empowering health plans to operate seamlessly while meeting the highest standards of data protection.