How WPS Protects Protected Health Information and Your Data

How WPS Protects Protected Health Information and Your Data

Monday, May 23, 2022
How WPS Protects Protected Health Information and Your Data

 

Security is a top priority for us at WPS, which is why security is built in throughout the WPS e-commerce website and the Online Evaluation System (OES). Maintaining a secure infrastructure and environment that safeguards data and protected health information (PHI) is our highest priority for our customers.

Below is an overview of everything WPS does to ensure the safety of your data and your clients’ PHI. You can read our complete security and compliance report at www.wpspublish.com/security-compliance-standards.

 

Data Security

WPS houses its data in a state-of-the-art Amazon Web Services (AWS) data centers located within the USA. AWS allows organizations subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) to process, maintain, and store protected health information. To do this, AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.

Additionally, AWS holds the following key certifications:

  • SOC 1, 2, & 3
  • ISO 270001
  • FedRAMP
  • FERPA
  • CSA
  • NIST

 

Network Security

WPS prides itself on a Secure Network Architecture. Network devices, including firewalls and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. Database and application servers are protected by a firewall to ensure that no unauthorized traffic can reach the servers. Access to the servers is restricted to approved IP addresses and requires a private key authentication, and isolation is achieved using a virtual private cloud (VPC). This makes it much harder for viruses to reach or impact our production network.

 

Data Encryption

WPS leverages AWS for data encryption in transit (TLS) and at rest (AES-256). Whether at rest or in transit, we have the capability to provide the highest level of security and encryption to protect the confidential and personal information you entrust to us. This includes strong public and private secret keys and key management systems.

 

Secure Access Points and Transmission Protection

AWS has strategically placed a limited number of access points to the cloud to allow for a more comprehensive monitoring of inbound and outbound communications and network traffic. These customer access points are called API endpoints, and they allow secure HTTPS access. All connections to AWS access points happen via HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol designed to protect against eavesdropping, tampering, and message forgery.

 

Network Monitoring and Protection

AWS uses monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts. WPS also employs IDS/IPS systems on the corporate network outside of AWS infrastructure.

 

Human Factor Security: Training and Software

Access to the servers is restricted to the server administrators, an approved representative of the support team, and an approved representative of the development team (access is revoked if no longer necessary).

Additionally, all WPS employees receive regular security training and work on secured laptops to prevent any accidental or unconscious security breaches.

Interested in learning more?

Please contact Customer Service at 800.648.8857 between 6 a.m. and 2:30 p.m. PT, Monday through Friday. If you call after hours, please choose option 1 and enter extension 5540 to reach the voice mailbox. Someone will return your call within 1 business day. For email inquiries, you can reach us at customerservice@wpspublish.com.

0 viewed