Data Sheet: GuidingCare HiTrust Security

GuidingCare HiTrust ensures robust security across various dimensions, focusing on operational, personnel, software, data encryption, access controls, and infrastructure protection.

Operational Security:

GuidingCare adopts a risk-based approach to identify and mitigate information security risks, maintain network management controls, implement change governance, and integrate security in business operations functions to achieve organizational objectives. The platform also has standards for business continuity, disaster recovery, and incident response to manage disruptive events effectively. Third-party risk management examines all externally developed tools, components, and service providers for risk and security.

Personnel Security:

All workforce members undergo role-based security training and background checks before accessing GuidingCare data. The Security Awareness for Everyone (SAFE) program includes phishing simulation tests, security alerts, newsletters, and more to promote global workforce security hygiene. Endpoint protections, including Endpoint Detection and Response (EDR), malware protections, application blocklisting, and data loss prevention (DLP), are enforced on all workstations. Multifactor authentication (MFA) is mandatory for access to critical systems and networks.

Software Security:

Annual third-party penetration tests are conducted on GuidingCare's network and applications. Change management procedures oversee deployment approvals and activities. Quality assurance involves code peer reviews, static and dynamic application security testing (SAST & DAST), team lead approvals, customer acceptance testing, and issue resolution management. A vulnerability management program identifies and remediates vulnerabilities based on criticality. Security-by-design principles are integrated into all product development stages.

Data Encryption:

Sensitive data is encrypted at rest using AES-256, and backups are encrypted using a FIPS-140-2 validated suite. Web-based traffic and public APIs are encrypted in transit with TLS 1.2, while IPsec VPN tunnels secure communication between GuidingCare and customer environments.

Access Controls:

IP allow-listing prevents unauthorized external access to customer data, and the application supports Role-based Access Control (RBAC), single sign-on (SSO), and MFA. Access to internal systems adheres to least-privilege principles, and access levels are monitored and re-approved quarterly.

Infrastructure Protection:

Customer data is hosted on fault-tolerant, redundant infrastructure within the United States, ensuring logical and physical separation in databases. A Web Application Firewall (WAF) and load balancer protect the application, while a Security Information and Event Management (SIEM) system provides internal visibility and response to platform errors, security events, and performance issues.

Compliance:

GuidingCare and its Hyderabad, India product development center, are HITRUST certified and undergo annual SOC 2 Type II attestation reports.

Privacy:

GuidingCare is committed to respecting user privacy, with a detailed privacy policy available online for review.

GuidingCare HiTrust sets a high standard for security and compliance, ensuring a trustworthy and efficient platform for healthcare organizations. Learn more about enhancing your organizational security and operational efficiency with GuidingCare HiTrust.