Security
Security is the foundation of our product and engineering at Apella.
Our approach
As a business associate to our customers, we take the sensitivity and security of partner data as our highest priority. The table below outlines our approach to security.
| Encryption | All data is encrypted in-transit end-to-end, and at rest. Log data is also encrypted to mitigate risk of ePHI in logs. |
| Minimum Necessary Access | Access controls always default to no access unless overridden manually. |
| Systems Access Training | All access requests and changes of access, as well as approvals, are tracked and retained. |
| Monitoring | All network requests, successful and unsuccessful, are logged, along with all system logs. Additionally, alerts are proactively sent based on suspicious activity. |
| Auditing | All log data is encrypted and unified, enabling secure access to full historical network and systems records. |
| Minimum Risk to Architecture | Secure, encrypted access is the only form of public access enabled to our servers. All access must first pass through Apella firewalls |
| Vulnerability Scanning | All Apella networks, endpoints and code are scanned regularly for vulnerabilities. |
| Intrusion Detection | All production systems have intrusion detection software running to proactively detect anomalies. |
| Penetration Testing | Automated penetration tests are run weekly, and all critical findings are escalated immediately. |
| Backup | All customer data are redundantly stored and rolling emergency backups are made daily and retained for 30 days. |
| Risk Management | We perform regular risk assessments to ensure that changes to our infrastructure and processes do not expose new risks to ePHI. Risk remediation is completed before changes are made in production |
| Physical Security | All sensitive data are stored in a cloud environment whenever possible and all Apella hardware is monitored and centrally managed. |
| Workforce Training | All Apella employees undergo annual HIPAA and security training. |
Reporting a security issue
If you suspect an issue with Apella security, please reach out to support@apella.io immediately. No security issue is too small, and we will respond to your request expeditiously.