Fluxmed Security Policies and Processes

Core Consultoria e Serviços Ltda, a limited company headquartered in Brasília - DF, registered with the CNPJ under No. 05.490.544/0001-00, sole and exclusive owner of the brands and domains associated with "Fluxmed", "ehrrunner", "fluxmed.com.br", "ehrrunner.com" and "ehrrunner.com.br", establishes these terms of use for patients of individual clinics or offices and hospitals ("Patients" or "Users").

Password and credential storage
All credentials are stored in secure identity provisioning systems, where user identity information is kept anonymous. After authentication, all transactions are authorized using OpenID tokens.

Context separation
A user's data in Fluxmed is visible only to that user and to those to whom he or she grants access through the sharing features of the web or mobile applications.

Infrastructure Security

Hosting and Data Storage
Fluxmed applications and data are hosted on AWS (Amazon Web Services) servers located in the sa-east-1 region (São Paulo, Brazil).
Amazon has several compliance programs related to security, such as ISO 27001, PCI level 1, HIPAA and SOC.

Virtual Private Network
All of our servers are allocated in a VPC, their own virtual private network, with access controls that prevent unauthorized requests from reaching our internal network. We follow good practices such as connecting through bastion hosts to communicate with our production servers.

Backups and Monitoring
Our data has automated daily backups in RDS (Relational Database Service), which are stored and versioned in S3 (Simple Storage Service). The infrastructure is monitored for anomaly detection using CloudWatch, the AWS active infrastructure monitoring system.

Authentication and Authorization
All members of our technical team with access to infrastructure use two-factor authentication on their accounts and connect via VPN (Virtual Private Network), gaining access only to what is necessary for their system maintenance activities.

Encryption in transit
All application endpoints and APIs use TLS / SSL security policies recommended by AWS (ELBSecurityPolicy-2016-08).

Encryption at rest
All of our application database instances are encrypted at rest, as are the files we store on S3.

Software Inventory
The inventory of software authorized for use by Fluxmed employees is updated every six months. We verify that the software is being updated and maintained by the manufacturer, to keep our development environment safe.

Hardware Inventory
The hardware inventory, with the attributes of the devices used for development, is automatically updated depending on the responsible employee.

Safe Development

Code Review
Before code is considered suitable for deployment to a production environment, it is reviewed in advance in an approval environment to detect anomalies.

GPG
All software code is signed before being stored in the code repositories, to guarantee authorship and accountability of the author.

Segregation of Environments
All production data are segregated from the development and approval environments. The homologation (approval) environment is maintained in a totally separate VPC (virtual private network) on AWS, located in the us-east-1 region (North Virginia). There is also a development environment without Core Consultoria e Serviços Ltda's own servers.

Security Questions?
If you suspect a security vulnerability, contact hostmaster@fluxmed.com.br

See more about Fluxmed in Terms of Use and Privacy Policies.
