MediLynx is committed to protecting all patient PHI (Protected Health Information) that is entrusted to us and is fully compliant with the regulations and conditions set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). MediLynx continuously evaluates and improves its products and systems, ensuring they incorporate state-of-the-art information technology privacy and security measures, and has instituted policies and procedures to safeguard this data, including, but not limited to, the following:
Access to patient data is strictly regulated. All employees are required to sign a confidentiality agreement as a condition of their employment. Additionally, MediLynx has initiated formal practices to assign appropriate personnel access to data, and policies are in place to govern the proper movement and handling of that data.
MediLynx and its data processing locations are physically secure. Access to all offices is controlled via electronic card both externally and at internal control points. MediLynx data processing is conducted in secured and locked facilities, with a first-tier hosting provider that holds certifications such as SOC 1, 2 and 3, as well as SOC 27001. The hosting provider maintains the security of the facility at all times, and no one is permitted to enter the structure without proper access.
To further protect sensitive data, MediLynx includes (but is not limited to) security architecture requirements for encryption, login credentials, session timeout, and validated backups as follows:
Encryption: All PHI transmitted or stored by MediLynx is encrypted using methods that surpass industry standards. This includes access to our website and other online resources that patients or clinicians may use to review diagnostic results.
Login Credentials: Every user with access to the MediLynx systems is required to maintain an individual username and password with length and complexity requirements designed to prevent unauthorized access. Multiple unauthorized access attempts will result in the account being disabled.
Session Timeout: Secure areas of our websites and systems have timers established that terminate sessions after a specified amount of time with no activity to reduce the possibility of unauthorized access from an unattended computer.
Validated Backups: MediLynx maintains multiple sets of backups of production data at the file system, database, and container level, which are regularly validated. All backups are encrypted, and access to them is restricted and logged.