ZENTAKE is HIPAA compliant.
The Health Insurance Portability and Accountability Act is a law of the US government that sets rules and requirements for the management and protection of health-related personal information, often called personal health information (PHI) or electronic personal health information (ePHI).
ZENTAKE has implemented the safeguards required by the law and has been audited by a third party, which checked our compliance with the requirements and the effectiveness of the implemented controls and procedures. ZENTAKE has met or exceeded requirements related to HIPAA compliance.
ZENTAKE is compliant with the strictest electronic signature laws:
The ZENTAKE system is well protected, with best-practice security solutions implemented. When you are using our services—for example, logging in to the website and accessing documents—the connection between your computer and ZENTAKE servers is encrypted using Transport Layer Security (TLS) Version 1.2.
Your stored data are also encrypted, using the AES-256 encryption standard, which is used by the US government to protect confidential information.
We are continuously updating our servers and systems with the latest security updates, and the effectiveness of these updates is validated regularly. The ZENTAKE network environment is monitored, and each network connection is checked for malicious activity by an intrusion detection system.
Our systems and services are placed in AWS data centers using AWS services. AWS data centers provide high-level security, including remote locations, guards protecting the area and buildings, redundant power supply lines, redundant internet connections, and automated fire suppression systems.
Both AWS data centers and services are certified by independent auditors according to ISO 27001 (information security management system), ISO 27017 (information security management systems in the cloud), ISO 27018 (information privacy in the cloud), SOC 2, and HIPAA requirements, meaning that systems operate on certified secure services.
ZENTAKE is committed to protecting your data and providing a secure service to you. In addition to using high-availability servers and encryption in transit and at rest, we restrict the who, how, and when of access to production environments.
Employee background checks are carried out according to local laws. We train all employees on security and privacy principles, as well as how to implement them within our environments.
Access to customer data is limited to employees who need to access it, and only when they need to access it (for example, for troubleshooting). All access and activity are logged and monitored. User accounts and access levels are reviewed regularly.
All systems in the production environment are configured to provide the highest level of security. To ensure this, we use security checks and automated update tools.
ZENTAKE is running on AWS services using high-availability and fault-resistant solutions. Our systems are running at multiple physical locations (so-called availability zones) at the same time, ensuring that, if service in one of the zones is interrupted (a highly unlikely event), the other zone continues to operate and provide services.
ZENTAKE has created a disaster recovery plan and a business continuity plan describing, step by step, how to ensure continuous operation. We regularly test scenarios and constantly improve our methodologies to ensure that our services are available to you. Our operations team regularly monitors the services and operational KPIs to provide you with the highest availability possible.