Security and Compliance

Dedo Security and Compliance

At Dedo we are committed to the security of our customer and patient data. We take the worry out of Health Care transactions.

Key Security Takeaways

Data Center Security: Dedo’s systems run on the back of incredibly secure data centers. Our hosting provider has met industry-recognized standards including ISO 27001 and FedRAMP. All of our services run through private, secure network layers, addressable only through whitelisted gateways.

Data Encryption: We encrypt all our data whenever possible. Every single bit of our traffic is encrypted in transit using SSL/TLS. Data at rest on our servers is encrypted with full key/data segregation. We regularly review our code for OWASP, CVE, and NVD reported vulnerabilities.

Web Application Security: Our applications are built with industry best practices to ensure security.

Disaster Recovery: Dedo’s platform is designed to be resilient. We continuously implement and test contingency and disaster recovery plans. Encrypted backups are performed every 24 hours.


Key Compliance Takeaways

HIPAA: Dedo has instituted safeguards, policies, and procedures to protect patients’ health information, in compliance with the final rule issued by the United States Department of Health and Human Services regarding the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). These steps include:

  • Ongoing assessments of risks to the confidentiality, integrity, and availability of patient data.
  • Implementation of policies and procedures that dictate acceptable work practices and map directly to the HIPAA Security Rule’s Administrative, Physical, and Technical Safeguards.
  • Implementation of procedural and technical safeguards to prevent Dedo employees from improperly accessing PHI.
  • Designation of a Chief Security Officer responsible for information system monitoring and information security policy oversight.
  • Mandatory HIPAA privacy and security training for all workforce members.
  • Encryption of patient data at rest and in transit according to industry-best security standards.
  • Implementation of audit trail and record retention capabilities.
  • Execution of Business Associate Agreements with customers, vendors, and subcontractors, where appropriate.
  • Regular reassessment of all policies and procedures to ensure that HIPAA rules continue to be addressed.

SOC Certifications: Dedo is SOC 1 Type 2 compliant and in the process of achieving SOC 2 Type 2 certification.