We are committed to protecting your personal data and the personal data of your clients. We have implemented several security measures to keep your data safe. The following information highlights some of these measures.
Cloud-based Service
LabSmarts is a cloud-based service hosted entirely on Amazon Web Services (AWS). All of your data is stored on AWS servers located within the United States.
Regulatory Compliance
LabSmarts maintains compliance with HIPAA regulations through internal policies, secure infrastructure, and a signed BAA with AWS.
Access to protected health information (PHI) is granted only to authorized personnel and is governed by internal access controls and training protocols.
LabSmarts has an active Business Associate Agreement (BAA) with Amazon Web Services (AWS) to ensure HIPAA-aligned handling of all stored and transmitted data.
We have a Data Processing Agreement (DPA) with AWS relating to our GDPR compliance. See the GDPR section in the Privacy Policy for more information.
In the event of a data breach, LabSmarts follows HIPAA’s Breach Notification Rule and will notify affected parties as required by law.
The section below lists each key regulatory compliance need, followed by our approach to meeting it.

Encryption of Data at Rest: We encrypt and store all data on our servers, including logs and backups, using AES 256-bit encryption.

Encryption of Data in Transit: Data transferred to and from our servers is protected with TLS 1.2 using AES-256 encryption, both between your browser and our servers and between our servers and other internal networks.

Physical Security: AWS is an SSAE 18 provider that utilizes industry-leading security tools and best practices for managing and maintaining the security of the servers that store your data.

Monitoring: All network requests, successful and unsuccessful, are logged.

Auditing: All log data is encrypted and unified, enabling secure access to full historical network activity records.

Vulnerability Scanning: Network and host assessments are run weekly to check for security exposures and vulnerabilities.

Backups: All data is backed up daily. Thirty (30) days of rolling backups are retained.

Minimum Necessary Access: Access controls always default to no access unless overridden manually.

PCI Compliance: Payments processed through our website are done in a PCI compliant manner. We process subscription payments as a PCI Level 1 Service Provider.
Security of Your Password
Browser Password Security. We do not persist your password in your browser’s cache. We use secure cookies with limited lifespans. You will be asked to re-enter your login credentials if your session is idle for the allotted timeout period.
Password Storage. We do not store your password in plain text. Your password is encrypted, and only you know what it is. If you forget your password, you will have to reset it from the sign in page.
Suggestions for Keeping Your Account Secure.
Never share your username or password. It is a violation of our terms of service to share your username and password with anyone.
Always sign out when you are finished using the service.
Choose a strong password.
Contact Us
If you have general inquiries, questions, concerns, or comments about this Data Security Policy, please contact us using the contact form below.