©2019 MedaPrep, LLC.  All Rights Reserved.

Security Overview

Your Data

Managing security is an on-going process.  To keep your information safe the first step is to minimize the amount of information that is potentially vulnerable in the first place.  Within the MedaPrep application, minimal information is stored about each patient and is only stored as needed.  At minimum, MedaPrep needs some type of patient identification so that your application administrator can identify the patient easily.  This may be only a patient number/id or it may be their name.  The only other information needed is the phone number which will be used to send text messages.  All information is encrypted at the data/column level and at rest on the server itself.


Hosting Security

All servers housing the data are provided by our security and hosting partner, Atlantic.Net, and data is stored only on US based servers.  Your data hosting provides the following security:


  • HIPAA Compliant Cloud Hosting

  • Fully Managed Firewall

  • IP Reputation Monitoring

  • Intrusion Detection

  • Anti-Malware and Vulnerability Scans

  • Log Management and Review

  • Managed Security

  • Encryption – in transit using TLS 1.2 or higher encryption

  • Encryption at rest

  • Business Associate Agreement in place between MedaPrep and Atlantic.net

  • Business Associate Agreement available with MedaPrep

  • HIPAA and HITECH audited

  • SSAE 18 – SOC1 and SOC2

  • Two Factor Authentication

  • Offsite Encrypted Backup and Alternate Hosting Facilities

  • Documented Security Policies

  • $1m Cyber Insurance Policy with Travelers Casualty Insurance Company of America