Security and Compliance
Kipu has multiple layers of security and encryption to ensure your patient data is protected from nefarious actors and handled in a HIPAA-compliant manner.

Update: The recent Quest Diagnostics breach: nearly 12 million patient records compromised

MADISON, N.J. On Monday, June 3, 2019, Quest Diagnostics announced that personal medical information for approximately 11.9 million patients may have been accessed by an unauthorized user through a third-party billing collections vendor between August 1, 2018 and March 30, 2019. Quest Diagnostics is the world’s leading provider of diagnostic testing, information and services.

The personal information the unauthorized user may have had access to included certain financial data, medical information and, yes, Social Security numbers.

It's another frightening incident in the battle against online crime. Kipu was built from the first line of code to be secure and to meet HIPAA requirements. And at Kipu, security is an ongoing concern, not a one-time checkbox.

That's why with Kipu, security is job one.
Today, safeguards must be in place to ensure appropriate protection of electronic protected health information (ePHI). Kipu’s secure, durable technology platform, together with the services and data centers it utilizes, meets industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, and SOC 1/SSAE 16/ISAE 3402. Those services and data centers have multiple layers of operational and physical security to ensure the integrity and safety of data. To protect data during electronic transmission, files containing PHI are encrypted using 256-bit AES.

Furthermore, to reduce the risk of exposing PHI and to reduce bandwidth usage, any data, including PHI, that is not required by the applications running in the cloud is removed before transmission. System administrators use token- and key-based authentication: each administrator holds a 2048-bit RSA key pair (a private key and a public key), and a unique identifier for each key pair supports secure, auditable access. Administrators also work through a command-line shell with Secure Shell (SSH) key authentication, with privilege escalation controlled as a separate step rather than granted by default. User access requires TLS/SSL-encrypted endpoints to the Kipu service, a username/password combination, and additional safeguards including device identification, two-factor authentication, and IP restrictions.

All sensitive fields, including Social Security numbers, birth dates, and many others, are encrypted individually rather than relying on whole-disk encryption alone.
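As an added example (not Kipu's own code; the record fields, the runtime-generated demo key, and the billing allow-list are assumptions for illustration), the following Go program shows what the two preceding paragraphs describe: field-level encryption of the sensitive fields with AES-256-GCM, each ciphertext bound to its record and field so a value cannot be swapped between patients or columns, and removal of fields a downstream service does not need before anything is transmitted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// PatientRecord is a constructed example; the field names are assumptions
// for illustration, not Kipu's actual schema.
type PatientRecord map[string]string

// sensitiveFields are encrypted before storage; other fields stay plaintext
// so that identifiers and names remain searchable.
var sensitiveFields = []string{"ssn", "birth_date"}

// fieldCipher encrypts individual field values with AES-256-GCM.
type fieldCipher struct{ aead cipher.AEAD }

func newFieldCipher(key []byte) (*fieldCipher, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &fieldCipher{aead: aead}, nil
}

// aad binds a ciphertext to its record and field: a value copied from another
// patient or another column fails authentication instead of decrypting.
func aad(recordID, field string) []byte { return []byte(recordID + "\x00" + field) }

// Encrypt returns base64(nonce || ciphertext || GCM tag) for one field value.
func (c *fieldCipher) Encrypt(recordID, field, plaintext string) (string, error) {
	nonce := make([]byte, c.aead.NonceSize()) // fresh random nonce per value
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := c.aead.Seal(nil, nonce, []byte(plaintext), aad(recordID, field))
	return base64.StdEncoding.EncodeToString(append(nonce, ct...)), nil
}

// Decrypt reverses Encrypt and rejects tampered or mis-bound values.
func (c *fieldCipher) Decrypt(recordID, field, encoded string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	ns := c.aead.NonceSize()
	if len(raw) < ns+c.aead.Overhead() {
		return "", errors.New("ciphertext too short")
	}
	pt, err := c.aead.Open(nil, raw[:ns], raw[ns:], aad(recordID, field))
	if err != nil {
		return "", errors.New("authentication failed: wrong key, wrong record/field, or tampered data")
	}
	return string(pt), nil
}

// transform copies r and applies fn to each sensitive field that is present.
func transform(r PatientRecord, fn func(id, field, value string) (string, error)) (PatientRecord, error) {
	out := PatientRecord{}
	for k, v := range r {
		out[k] = v
	}
	for _, f := range sensitiveFields {
		if v, ok := r[f]; ok {
			nv, err := fn(r["id"], f, v)
			if err != nil {
				return nil, fmt.Errorf("%s: %w", f, err)
			}
			out[f] = nv
		}
	}
	return out, nil
}

// EncryptRecord and DecryptRecord touch only the sensitive fields.
func EncryptRecord(c *fieldCipher, r PatientRecord) (PatientRecord, error) { return transform(r, c.Encrypt) }
func DecryptRecord(c *fieldCipher, r PatientRecord) (PatientRecord, error) { return transform(r, c.Decrypt) }

// MinimizeForTransmission keeps only the fields a downstream service needs,
// so PHI it has no use for never leaves the server.
func MinimizeForTransmission(r PatientRecord, allowed map[string]bool) PatientRecord {
	out := PatientRecord{}
	for k, v := range r {
		if allowed[k] {
			out[k] = v
		}
	}
	return out
}

func main() {
	key := make([]byte, 32) // demo key generated at runtime; use a KMS-managed key in production
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	c, _ := newFieldCipher(key)
	rec := PatientRecord{"id": "P-1001", "name": "Jane Doe", "ssn": "123-45-6789", "birth_date": "1980-01-01"}
	enc, _ := EncryptRecord(c, rec)
	fmt.Println("stored:", enc)
	fmt.Println("to billing:", MinimizeForTransmission(rec, map[string]bool{"id": true, "name": true}))
}
```

The additional authenticated data is the part worth copying: without it, an attacker with write access to the database could move one patient's encrypted SSN into another patient's row and it would decrypt cleanly. With the record ID and field name bound in, that substitution fails authentication.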

The Bottom Line
Kipu has implemented extraordinary measures to ensure the safety of your HIPAA-protected records.

  • Built for the cloud; no VPN or other applications required
  • Data encryption and HIPAA certified by MBHC
  • Separate virtual servers for each client; 6,971 in all
  • Servers on a private network, not directly exposed to the Internet
  • NOT multi-tenant or multi-account
  • Regular penetration (intrusion) testing
  • Two-factor authentication
  • YubiKey hardware (USB) token available
Image

HIPAA Compliance
One of the most important legal matters facing the health care industry as a whole is the protection of protected health information and compliance with HIPAA (the Health Insurance Portability and Accountability Act). The Addiction Treatment industry is not exempt from HIPAA and must comply with these regulations. One of the best ways to support compliance is to invest in an Electronic Medical Records (EMR) platform that is built to meet HIPAA's security requirements.

Kipu was designed inside the Addiction Treatment community, FOR the Addiction Treatment community. And since Day One, Kipu has had the security controls in place to ensure your records are protected in a HIPAA-compliant manner.

Of course, we have to add that your organization must also have policies and procedures in place to ensure the human element follows all the HIPAA regulations; technical controls alone do not make a covered entity compliant. But it brings great peace of mind to the owners of Treatment Centers knowing that their records are SAFE and SECURE inside of Kipu’s HIPAA-compliant environment.

Hardened Protection. Rigid Compliance.
Kipu was built for security and compliance from the ground up. Here’s how and why: some EMRs are so old that they pre-date the Internet, HIPAA, and security and compliance requirements as we now know them. They had to backtrack and adapt to the latest rules and security threats, not to mention true cloud computing. Kipu was built for the cloud using agile development and coded in modern programming languages that are faster, more secure, and cloud friendly, and it is engineered to be easily used on your mobile device or tablet.

Kipu installs separate virtual servers for each client. We are not a multi-tenant or multi-account system (like a bank where all accounts reside in one system). Rather, there is no single place where all Kipu records reside. Our system uses more than 21,400 servers (and counting), all encrypted.

The illustration above depicts the Kipu Cloud Network, which is replicated in different data centers across the United States (in the EU for EU clients, or in Canada for Canadian clients). It represents the nature of Kipu’s Cloud Network as it relates to multiple clients.

With Kipu, each client is segregated from every other client and their data, so while Kipu has hundreds of clients, each has its own servers. In fact, each client averages six separate encrypted virtual servers for redundancy and safety. There is no single database for a data thief to target: an attacker would have to locate and break into each of Kipu’s 6,791 servers individually, and a compromise of one client’s servers exposes no other client. Every client’s data is encrypted, which shrinks the attack surface and limits the blast radius of any single breach, unlike competitors who run multi-account, multi-tenant and barely encrypted systems. This Kipu cloud network running 21,400 servers costs Kipu millions of dollars to host and run; we think it’s worth it, but our competitors do not.

Our multi-factor authentication, which works with text messages or hardware tokens, adds a layer of security beyond the password alone. Hardware tokens are the stronger option: SMS codes can be intercepted or redirected by SIM-swap attacks, so reserve text-message codes for users who cannot carry a token.

The Master Instance Cloud Network Topology

Image
Redundant Application Servers
Each client is hosted on its own unique virtual servers. In the Kipu Cloud Network, clients DO NOT share the same virtual servers, and each client's patients are NOT mixed with other clients.

Redundant Database Servers
Each client is allocated two or more high-availability database clusters depending on needed resources, which are continually monitored and scaled if necessary for maximum speed and minimal latency.

Single Instance Topology 
The illustration above is a rough visual representation of the Kipu cloud network as a whole. A single instance, that is, one client facility’s implementation, is better (and again roughly) represented by the virtual server topology below.

Image

Cloud Network
Kipu’s Private Cloud Network protects your data from malicious threats while also giving you the ability to access your Kipu instance from virtually any Internet-connected PC, smartphone, or tablet.

Think of all the things you do NOT have to worry about with Kipu’s Private Cloud Network:

  • You don’t have to worry about downtime. We have a 99.99% uptime guarantee!
  • You don’t have to worry about maintaining expensive servers. Kipu does it for you.
  • You don’t have to recruit, hire, and manage expensive IT staff. Kipu does it for you.
  • You don’t have to worry about expensive upgrades. We update Kipu for you, ensuring you’re always working on the latest version of Kipu.
