Data Security
Our highly secure AWS cloud services architecture ensures that the establishment's protection of personal and confidential health information complies with the legislative and regulatory frameworks of Quebec and Canada.
Here is a summary of the characteristics of Virtuose Technologies' secure hosting architecture on the AWS platform:
- Integration of the "DevSecOps" Best Practice: This allows developers to integrate security throughout the development and implementation of the solution.
- End-to-End Data Encryption: All data is encrypted both in transit and at rest.
- Robust Security Based on the Principle of Default Denial of Access: Access to data and services is denied by default.
- Principle of Least Privilege: Implementation of the principle of least privilege for access to data, minimizing the attack surface for malicious actors.
- Controlled Access Limits and Diligent Monitoring: Implementation of controlled access limits to all cloud resources, with AWS cybersecurity experts diligently monitoring attempts and attacks.
- Role-Based Access Control (RBAC): Implementation of RBAC policies limiting authorized access to specific data fields rather than access to the entire database.
- Robust and Ephemeral API Access Key Infrastructure: Deployment of robust and ephemeral API access keys, minimizing the window of opportunity for malicious actors.
- Different Access Points for Different User Groups: Deployment of different access points for each user group or type, such as by establishment and by category of access rights (health professional, administrator, etc.).
- Verification of API Responses and Specialized Access Modules: Exhaustive and disciplined verification of the format of responses returned by APIs or limited and specialized access modules by data type.
- Best Practices for Logging and Monitoring: Implementation of best practices for logging and monitoring.
- High-Level Protection and Recovery Services from AWS: High-level protection and recovery services offered by AWS in case of malicious attacks, including various types of cyberattacks that are difficult to manage in traditional on-site environments.
Data can then be transmitted through an interface to various information systems within the organization. The platform is interoperable with all clinical information systems, using the international FHIR-HL7 communication standard to be portable across all supporting platforms. The solution can interface with systems such as the clinical information system of the establishment, ADT/Index, DCI/DPE, future DSN, Pharmacy, etc., to avoid double entry of clinical information.
This interoperability, which supports data exchange between Virtuose Console and other information capture systems, saves healthcare personnel significant time and fosters the adoption of the solution by clinical staff. Additionally, any information captured in our platform can be redirected to the clinical system used by the establishment. Note that Virtuose Console can also operate without an interface to the various information systems in place in the organization (autonomous operation).
Furthermore, all consultation of the collected data is done through the same platform: Virtuose Console. Thus, Virtuose Console consolidates information from connected objects and disseminates it using customizable dashboards.
The proposed solution is a cloud-based (SaaS) solution that adheres to all best practices in terms of development and security. It follows these rules:
- Cloud-based AWS solution hosted in Canada.
- Data transmission with SSL/TLS encryption.
- Data at rest hosted with SSL/TLS encryption.
- Two-factor authentication (activation is configurable).
- Permissions managed by group/role: The application uses permissions to assign rights to user groups or to individual users.
- Event logging.
- Authentication types: Local, SSO - Active Directory (if available).