HIPAA and Information Security

At Ontash we handle many different digital assets belonging to the company and our customers. This includes source code, patient healthcare records, financial information and other types of sensitive information. Safeguarding such information is our highest priority, especially given ever-increasing threats against digital information.

Our emphasis on information security goes well beyond standard best practices and HIPAA requirements, incorporating in-house security measures throughout the company.

All employees must pass a background check, sign an agreement to protect data, and pass an information security course before starting work. Every twelve months employees must pass a refresher course, so that they are up to date with new HIPAA guidelines.

Vendors that we work with also sign a Business Associate Agreement (BAA) with us, to accept and acknowledge their responsibility in protecting data.

The company has a designated Information Security officer, whose job it is to ensure that corporate security protocols are adhered to company-wide, and who also coordinates responses to security incidents and/or lapses. Annual risk assessments, conducted by a third-party IT security specialist, provide work program recommendations and security-oriented improvements.

At a physical network and computer security level, the company invests in smart routers, encrypted disks, intrusion detection software and other tools and best practices.

When building software, our engineers are taught how to code “secure software”. They also test for vulnerabilities with the Quality Assurance team.

At Ontash, our ever-improving process for safeguarding sensitive data is the result of a cultural commitment to security excellence, supported by investment, training and documented work routines.