Security
and Privacy

At MedPass, security comes first. Our platform and customers’ safety is our top priority.

Two mobiles displaying the MedPass app screens.

Enterprise Security

Endpoint Protection

Our company prioritizes the security and protection of our systems and data. We employ a multi-layered approach to endpoint security, utilizing a combination of antivirus/antimalware software, firewalls, patch management, data encryption, application whitelisting, and device control policies.
We continuously monitor and manage endpoint security measures to ensure effectiveness and responsiveness to evolving threats. Our dedicated security team conducts regular assessments, audits, and updates to maintain the integrity and robustness of our endpoint security infrastructure.

Vendor Security

MedPass adopts a risk-based strategy to assess vendor security, considering several factors when determining the inherent risk rating. These factors include the vendor’s access to customer and corporate data, integration within production environments, and potential impact on the MedPass brand. Following this assessment, vendor security undergoes rigorous evaluation to establish a residual risk rating and make an informed approval decision.

Secure Remote Access

MedPass ensures secure remote access to internal resources by utilizing OpenVPN, a cloud-based platform. Additionally, we employ malware-blocking DNS servers to safeguard employees and their endpoints during internet browsing.

Security Education

MedPass ensures robust security awareness among employees by providing comprehensive training upon onboarding and annually through educational modules on platforms such as Vanta and Riot. Our engineers undergo additional mandatory live sessions focusing on secure coding principles and practices.

Identity and Access Management

MedPass employs Multi-Factor Authentication (MFA) to enhance identity security by mandating multiple verification methods for accessing our systems and applications. Additionally, we utilize Vanta’s access management module to oversee and administer employee platform access.
Access to applications at MedPass is role-based, with employees granted permissions based on their job functions. When an employee’s tenure concludes, access rights are automatically revoked. Any additional access requests must adhere to the specific application’s approval policies established by our organization.
Man at computer satisfied with HealthBird security.

Penetration Testing

MedPass collaborates with a top-tier penetration testing consulting vendor on an annual basis to ensure the robustness of our security measures.
These assessments encompass all aspects of the MedPass product and cloud infrastructure. To facilitate comprehensive testing and maximize effectiveness, testers are granted full access to our source code.

Vulnerability Scanning

MedPass employs AWS services for ongoing monitoring of its cloud infrastructure, utilizing automated scanning and monitoring tools to proactively detect and resolve potential vulnerabilities. Additionally, Vanta facilitates automated vulnerability assessments, identifying security weaknesses across the IT infrastructure and offering actionable insights for remediation, thereby streamlining the vulnerability management process.
Imagem do beija-flor da HealthBird e o logotipo da AWS.
Illustration of a man at the computer and a padlock.

Data Protection

At MedPass, we uphold rigorous data security standards to protect data information both at rest and in transit. For data at rest, we employ encryption techniques to render data unreadable to unauthorized individuals, coupled with stringent access controls to restrict access solely to authorized personnel. Additionally, regular data backups are conducted to ensure swift recovery in the event of unforeseen incidents. When data is in transit, we utilize robust encryption protocols such as TLS or SSL, alongside secure communication channels like HTTPS, to safeguard it from interception or tampering. While these measures aim to fortify data security, we continually monitor and update our practices to adapt to evolving threats, prioritizing the confidentiality and integrity of the information above all else.

Data Privacy

At MedPass, data privacy is a first-class priority - we strive to be trustworthy stewards of all sensitive data.

HITRUST certification

MedPass is HITRUST e1 certified, demonstrating our commitment to top-tier data security for our customers and partners.

HITRUST e1 certification badge.
Icon of a star and two plus signs.

Regulatory Compliance

We are committed to staying abreast of regulatory compliance updates and framework requirements to enhance our processes and services continually. Our dedication to staying current ensures that we maintain compliance with evolving standards, providing our customers with the highest level of service and trust.

Icon of a file and a padlock.

Privacy Policy

https://www.medpassplans.com/privacy-policy