Security First
Healthcare data demands the highest level of protection. Security is not an afterthought at Unified Imaging—it's built into everything we do.
Our Commitment to Security
As a healthcare technology company, we understand that security isn't just a feature—it's a fundamental requirement. Eye care professionals trust us with sensitive patient data, and we take that responsibility seriously.
Our security program is designed to protect the confidentiality, integrity, and availability of your data through a comprehensive approach that includes technical controls, administrative policies, and physical safeguards.
Enterprise-Grade Infrastructure
Our platform is built on Microsoft Azure's healthcare-grade cloud infrastructure, providing the reliability and security demanded by healthcare organizations worldwide.
Azure Cloud Platform
Hosted on Microsoft Azure's HIPAA-compliant infrastructure with enterprise-grade security controls and certifications.
Geographic Redundancy
Data is replicated across multiple geographic regions to ensure high availability and disaster recovery capabilities.
Tier III+ Data Centers
Physical infrastructure housed in SOC 2 certified data centers with 24/7 security, biometric access, and environmental controls.
99.9% Uptime SLA
Enterprise-grade service level agreements ensure your imaging platform is available when you need it most.
Data Protection
We employ multiple layers of encryption and security controls to protect your data at every stage of its lifecycle.
Encryption at Rest
All stored data is encrypted using AES-256 encryption, the same standard used by financial institutions and government agencies.
Encryption in Transit
All data transmissions are protected using TLS 1.3, ensuring secure communication between your devices and our servers.
Key Management
Encryption keys are managed through Azure Key Vault with hardware security modules (HSMs) and automatic key rotation.
Secure Backups
Automated, encrypted backups with point-in-time recovery capabilities ensure your data is never lost.
Access Controls
We implement strict access controls to ensure only authorized personnel can access your data, with comprehensive audit trails for accountability.
- Role-Based Access Control (RBAC): Users are granted access based on their role and the principle of least privilege, ensuring they can only access data necessary for their job function.
- Multi-Factor Authentication (MFA): MFA is required for all user accounts, adding an additional layer of security beyond passwords.
- Single Sign-On (SSO): Integration with enterprise identity providers (SAML 2.0, OAuth 2.0) for centralized access management.
- Session Management: Automatic session timeouts and secure session handling protect against unauthorized access.
- IP Allowlisting: Enterprise customers can restrict access to specific IP ranges for additional control.
Comprehensive Audit Logging
Every access to Protected Health Information (PHI) is logged with detailed information including:
- User identity and role
- Timestamp and duration of access
- Data accessed and actions performed
- Source IP address and device information
Audit logs are retained for a minimum of 6 years and are available for compliance reporting and investigations.
Incident Response
We maintain a comprehensive incident response program to quickly detect, contain, and recover from security events.
24/7 Monitoring
Continuous security monitoring with automated alerting for suspicious activities and potential threats.
Threat Detection
Advanced intrusion detection systems identify and alert on potential security threats in real time.
Rapid Response
Documented incident response procedures ensure swift containment and remediation of security events.
Breach Notification
In the event of a breach, we notify affected customers within 72 hours in accordance with HIPAA and applicable regulations.
Compliance Certifications
We maintain industry-recognized certifications and undergo regular third-party audits to validate our security controls.
SOC 2 Type II
Annual third-party audit validating our security, availability, and confidentiality controls. Reports available to customers under NDA.
HIPAA Compliance
Full compliance with the HIPAA Security Rule, Privacy Rule, and Breach Notification Rule. Business Associate Agreements available.
HITRUST CSF
Aligned with the HITRUST Common Security Framework, the healthcare industry's most comprehensive security standard.
Regular Security Assessments
- Penetration Testing: Annual third-party penetration tests by qualified security firms
- Vulnerability Scanning: Continuous automated vulnerability scanning of all systems
- Code Reviews: Security-focused code reviews for all application changes
- Risk Assessments: Annual comprehensive risk assessments in accordance with HIPAA requirements
Employee Security
Our security program extends to every member of our team, ensuring that human factors are addressed alongside technical controls.
- Background Checks: Comprehensive background checks for all employees before hire
- Security Training: Mandatory security awareness training for all employees upon hire and annually thereafter
- Role-Based Training: Additional specialized training for employees with access to sensitive systems
- Clean Desk Policy: Physical security policies to protect sensitive information in office environments
- Secure Development: Developers trained in secure coding practices and OWASP guidelines
Security Questions
We welcome questions about our security practices and are happy to provide additional documentation to support your vendor assessment process.
Request Security Documentation
Need our SOC 2 report, security whitepaper, or other compliance documentation? Contact our team to request access.