HASA's Security Standards
As a community data repository and an unbiased data trustee, it’s important for HASA to exceed expectations for data security. Hospitals and practices entrust HASA with their data and therefore, must know and understand our commitment to protecting that data and maintaining the highest standards for sharing. HASA also has a role as a trusted agent to ensure and help all our participants have secure environments and help protect patient data per our BAAs
HASA was the first HIE in Texas to become EHNAC certified and is currently pursuing a much more stringent certification called HI-Trust. It takes everyone doing their part, to make sure data is secure. Below, we will share some of the ways that we are safeguarding HASA technology and we encourage everyone in the community to take the Cybersecurity Survey, even if you don’t have plans to participate with the HIE
HASA’s own Standards include but are not limited to:
- Data stored in a Tier 1 data center with SOC2 security- This means that the servers are protected by a guard and two-factor Authorization to physically access our servers. Our data center requires authorized ID and a handprint to enter the server cage.
- Data is stored on single tenant, stand-alone servers-This prevents the possibility of “memory leakage” (e.g. Meltdown and Spectre) and possible hacks that can happen when data is stored in virtual servers where multiple organizations run software at the same time.
- HASA maintains identical servers, in different parts of the country, with a complete back up “failover” system in the event of a natural disaster or malicious attack. Although there could be some potential down-time, the entire system should be back up in a matter of hours. This insures your data from ransomware attacks
- Copies of all code are stored in a secure code repository, with full change control documentation and regular audits of data usage and access.
- HASA supports Single Sign On and multifactor Authentication.
- Data is always encrypted in transit and at rest
HASA performs vulnerability testing and risk assessments on our vendor partners to help avoid issues like the Target breach where a hacker gained access through an HVAC contractor
2018 Cyber Security Preparedness Assessment
Please take a moment to complete the 2108 Cybersecurity Preparedness Assesment for companies of all sizes.