Security and Compliance

Kipu has multiple layers of security and encryption to ensure your patient data is both HIPAA compliant and protected from nefarious actors.

Security is job one.
Kipu’s secure, durable technology platform meets industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, and SOC 1/SSAE 16/ISAE 3402. The services and data centers we utilize have multiple layers of operational and physical security to ensure the integrity and safety of data. To protect data during electronic transmission, files containing PHI are encrypted using 256-bit AES.

Furthermore, to reduce the risk of exposing PHI and to reduce bandwidth usage, any data, including PHI, not required by applications running in the cloud is removed prior to transmission. Token- and key-based authentication for system administrators uses a 2048-bit RSA key pair; the private and public keys, together with a unique identifier for each key pair, facilitate secure access. Administrators can also use a command-line shell interface and Secure Shell (SSH) keys for additional security and controlled privilege escalation. User access requires Secure Sockets Layer (SSL)-encrypted endpoints to the Kipu service, a username/password combination, and additional safeguards including device identification, two-factor authentication, and IP restrictions.

All sensitive data, including Social Security numbers, birth dates, and many other fields, is encrypted.

The Bottom Line
Kipu has implemented extraordinary measures to ensure the safety of your HIPAA protected files.

  • Built for the cloud; no VPN or other applications required
  • Data encryption and HIPAA certified by MBHC
  • Separate virtual servers for each client; 6,971 in all
  • Servers on a private network, not exposed for hackers to see
  • NOT multi-tenant or multi-user
  • Regular data intrusion testing
  • Two-factor authentication
  • YubiKey hardware USB token available

HIPAA Compliance
One of the most important legal matters facing the health care industry as a whole is the protection of Personal Information and compliance with HIPAA (the Health Insurance Portability and Accountability Act). The Addiction Treatment industry is not exempt from the HIPAA laws and must comply with these regulations. One of the best ways to ensure compliance is to invest in an Electronic Medical Records (EMR) platform that is HIPAA compliant.

Kipu was designed inside the Addiction Treatment community, FOR the Addiction Treatment community. And since Day One, Kipu has always had the security parameters in place to ensure your records are protected and HIPAA compliant.

Of course, we have to add that your organization must also have policies and procedures in place to ensure the human element follows all the HIPAA regulations. But it brings great peace of mind to the owners of Treatment Centers knowing that their records are SAFE and SECURE inside of Kipu’s fully HIPAA compliant environment.

Hardened Protection. Rigid Compliance.
Kipu was built first for security and compliance from the ground up. Here’s how and why: some EMRs are so old that they pre-date the Internet, HIPAA, and security and compliance requirements as we now know them. They had to backtrack and adapt to the latest rules and security threats, not to mention true cloud computing. Kipu is built in the cloud using agile development and coded in modern programming languages that are much faster, more secure, and cloud friendly, and it is engineered to be easily used on your mobile device or tablet.

Kipu installs separate virtual servers for each client. We are not a multi-tenant or multi-account system (like a bank where all accounts reside in one system). Rather, there is no single place where all Kipu records reside. Our system uses more than 21,400 servers (and counting), all encrypted.

The illustration above depicts the Kipu Cloud Network, which is replicated in different data centers all over the United States (in the EU for EU clients, or in Canada for Canadian clients). This represents the nature of Kipu’s Cloud Network as it relates to multiple clients.

With Kipu, each client is segregated from every other client and their data, so while Kipu has hundreds of clients, each has their own servers. In fact, each averages six separate encrypted virtual servers for redundancy and safety. It’s virtually impossible for a data thief to even find Kipu’s 6,791 servers, much less hack into each one individually. Every client’s data is securely encrypted, thus reducing the data domain and attack surface — unlike our competitors, who run multi-account, multi-tenant and barely encrypted systems. This Kipu cloud network running 21,400 servers costs Kipu millions of dollars to host and run — we think it’s worth it, but our competitors do not.

Kipu contracts the industry’s best professional data hackers, who consistently conduct penetration tests on Kipu, and we monitor all traffic for new threats, going above and beyond the industry standard. Our multi-factor authentication — which works with text messages or hardware tokens — adds layers of security other technologies just don’t have.

The Master Instance Cloud Network Topology

Single Instance Topology
This illustration is a rough visual representation of what the Kipu cloud network might look like. A single-instance or single-facility implementation is better (and roughly) represented by this virtual server topology.

Breach Protection
Surely you’ve read about the data breaches at many major retailers, Sony Pictures, Ashley Madison, Equifax, LinkedIn, the U.S. Government (22 million employee files), and various health insurance companies. Here’s a “not-so-fun fact”: a stolen credit card data file is worth about $25 on the black market, where such files are sold and traded in places like Russia.

The hackers who broke into Target’s system (the huge national retailer) stole 40 million credit cards and illegally sold them for as much as $25 per card. Health data is a whole other story. A health data file, like those recently stolen from Anthem, is worth closer to ten times as much. So who do you think the most dangerous hackers are targeting: credit card data or health record files? They are targeting health record files for larger illegal payoffs.

$5 MILLION

We carry $5 million in Cybersecurity insurance.

More to consider...
Here’s another consideration: In the event of a data breach, YOU as the owner of the data must report the breach to your clients and the government — and the fines for unintentional HIPAA data breaches can run $100 to $50,000 per breach — per record — so fines may run into the millions of dollars. Customer goodwill is another immeasurable cost. Saving a few thousands of dollars now cannot possibly justify the risk of a wholesale HIPAA data breach.

Safe. Protected. Efficient.

Cloud Network
Kipu’s super secure Private Cloud Network ensures your data is protected from malicious threats while also giving you the ability to access your Kipu instance from virtually any Internet-connected PC, smartphone, or tablet.

Think of all the things you do NOT have to worry about with Kipu’s Private Cloud Network:

  • You don’t have to worry about downtime. We have a 99.99% uptime guarantee!
  • You don’t have to worry about maintaining expensive servers. Kipu does it for you.
  • You don’t have to recruit, hire, and manage expensive I.T. staff. Kipu does it for you.
  • You don’t have to worry about expensive upgrades. We update Kipu for you, ensuring you’re always working on the latest version of Kipu.

Kipu Was Built To Be Secure

Here's what we do to safeguard your data

In the illustration above you see a representative depiction of a Single Client Instance with its unique virtual servers; each client is allocated up to 24 virtual servers, separate from all other clients.

Segregated Servers For Unmatched Security.
Also of note: this network topology not only safeguards data, it is also redundant, and because each client has their own servers, there cannot be a mass outage of service to all users (absent a natural disaster, act of war, or mass outage of connectivity, for example). Many of our competitors do not want to spend millions of dollars on separate servers for each client for additional security. They use a multi-account system where all of their clients’ data resides in a single database on one or several servers. There may be tens or hundreds of thousands of HIPAA-protected records on one of their servers. In their multi-account system, one or several servers house all client data neatly in one place for a data thief to target. Because they do not allocate separate redundant and secure servers to each client, they mix all their clients’ data on a single server or a small group of servers. That is the kind of system architecture data pirates look for!
