
Security

The Medacist Difference on Security

At Medacist, we implement industry-leading security measures to safeguard and maintain the highest level of HIPAA compliance. Since our inception in 1998, our roles as data stewards and protectors of all protected health information (PHI) remain central to our daily mission and will never waver.

Backed by the latest in cloud-based computing software and security, our systems protect against any potential data loss or server failure and seamlessly encrypt all transmitted and stored data.

Please see below for a list of additional security resources:

 

Encryption

This document describes the cryptographic techniques and standards used in Medacist Solutions Group’s IT infrastructure. Outlined in this document are the acceptable levels of encryption for use at Medacist Solutions Group and how they are applied to data transmissions and data storage.

This policy applies to all members, contractors and interns of Medacist Solutions Group.

Policy

Algorithm Requirements

Ciphers

Ciphers in use must meet or exceed the set defined for use in the United States National Institute of Standards and Technology (NIST) publication FIPS 140-2, or any superseding documents according to the date of implementation. The use of the Advanced Encryption Standard (AES) is strongly recommended for symmetric encryption.

Algorithms

Algorithms in use must meet the standards defined for use in NIST publication FIPS 140-2 or any superseding document, according to date of implementation. The use of the RSA and Elliptic Curve Cryptography (ECC) algorithms is strongly recommended for asymmetric encryption.

Hash Function Requirements

Medacist Solutions Group requires the use of the SHA-2 family of hash functions or better. Hash functions must meet or exceed the set defined for use in the NIST publication 180-4 or any superseding document, according to the date of implementation.

Key Agreement and Authentication

Key exchanges must use one of the following cryptographic protocols: Diffie-Hellman, IKE, or Elliptic curve Diffie-Hellman (ECDH).

End points must be authenticated prior to the exchange or derivation of session keys.

All servers and applications using SSL or TLS must have the certificates signed by a known, trusted provider and must only use TLSv1.2 or higher.

Key Generation

Cryptographic keys must be generated and stored in a secure manner that prevents loss, theft, or compromise.

Key generation must be seeded from an industry-standard random number generator (RNG). For examples, see NIST Annex C: Approved Random Number Generators for FIPS PUB 140-2.

Compliance

Compliance Measurement

Management will verify compliance with this policy through various methods, including but not limited to business tools, reports, and audits.

Exceptions

Any exceptions to the policy must be approved by the CEO in advance.

Non-Compliance

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.