Customer Case Study

The security of our clients’ data is extraordinarily important to AspectN. We have a structured information security program to manage IT security risk and compliance. The program provides for the confidentiality, integrity, and availability of all AspectN electronic and physical assets through administrative, technical, and physical security controls. This white paper provides an overview of our security program in the following areas.

  • Policy Framework
  • Physical Security
  • Network and Data Protection
  • Identity and Access Management
  • Audit Logging
  • Software Development
  • Business Continuity & Disaster Recovery



AspectN Product Overview:

AspectN is a new-era healthcare company dedicated to improving patient care. Our software serves home care facilities, senior living, rehabilitation care, and nursing homes. Our fully customizable, goal-driven Care will help care providers provide the best care to patients. Below are some of our product highlights.

 

Product Highlights

Reduce Overtime and Streamline Clinical Processes

  • Dramatically improve operational workflows and reduce the volume of administrative work with our connected platform. Avoid staff working through breaks or after hours just to keep up.
  • Streamline your documentation process and improve the accuracy of your documents.

Benefits for Care Providers

  • Spend more quality time with your residents and less time documenting scheduled and unscheduled tasks. Activities of daily living (ADLs) can be completed in less than 1 minute.
  • Reduce the burden of paper processes and referencing a resident’s medication administration record (MAR) and treatment administration record (TAR) with eMAR.
  • Foster stronger relationships with all your residents by encouraging participation and engagement in personalized programs.

Communicate Effectively with Families

  • Keeping family members informed, especially during emergencies, helps build trust and confidence and alleviates stress caused by lack of information.
  • We have the right tools to help you engage with resident families in a timely manner and increase your staff’s productivity by automating communication. 
  • Early access to your patient information, such as medications, diagnoses, care plan, and goals, helps improve patient hand-off safety and reduces the risk of readmissions.

 

AspectN Architecture Diagram

The AspectN application is a secure, scalable, and highly available system by design and is hosted in Amazon Web Services.

 

Data We Collect

Below is the list of required datasets for the AspectN application.

 

AspectN – Data Set

  • Patient Name and Contacts
  • Patient Physician Name and Contacts
  • Patient Case Information
    • Case No
    • Case Status
    • Care Dates
    • Care Details
    • Medication
    • Care Notes

 

Shared Security Model 

The shared responsibility security model is a framework adopted by many cloud providers and is applicable to software provided by AspectN.

  • AspectN and AWS are responsible for the security of our hosted software and underlying infrastructure.
  • The client is responsible for user account management like user setup, removal, assignments etc., based on company requirements.

 

Security Controls:

Policy Framework

AspectN has developed a suite of administrative controls in the form of policies. These policies set the foundation for all controls and requirements for our security and information technology programs. These policies are supported by standard operating procedures that define the specific implementation requirements for AspectN. These policies are also intended to establish the Company’s commitment to compliance with the HIPAA Security Standards and applicable Administrative Standards as set out in the Health Insurance Portability and Accountability Act (HIPAA).

Physical Security

AspectN has implemented physical security controls covering our places of business, protection of paper records, and the information resources that store electronic data. These controls are designed to keep out unauthorized persons who could otherwise gain access to the building(s) and to sensitive information, alter system configurations, introduce vulnerabilities into the network, or destroy or steal equipment and/or data.

AspectN Offices

The AspectN office is protected by electronic access controls with badged doors and office suites. All visitors are escorted within the office building. Office spaces are under video surveillance.

Data Centers

AspectN and client data are stored in Amazon Web Services data centers within the United States. AWS data centers are HIPAA compliant and have SOC 2 reports. Details of AWS data center physical security controls are available at https://aws.amazon.com/compliance/data-center/controls/

 

Network and Data Protection

AspectN’s extensive network and data protection controls provide security for sensitive data in transit and at rest. Network security extends across multiple security controls. These controls define the network segmentation, dataflow, encryption, device connectivity, system access, and user-defined access to the Company’s network. The network security controls establish the perimeters for access to the network as well as the controls and restrictions for connectivity to systems inside and outside the network.

 

Encryption

All sensitive data at rest and in transit is encrypted using FIPS 140-2 compliant encryption. Encryption keys are rotated on a regular basis using an automated mechanism. HTTPS is used to encrypt data in transit.

Data Segmentation

AspectN is a multi-tenant application with options available for single-tenant implementation. In a multi-tenant implementation, each client’s data is logically separated using a different database per client, and application-layer controls are built in to ensure that users see only the data for which they have been explicitly authorized.

Data Retention and Destruction

AspectN attempts to keep the minimum amount of data necessary to provide our services, comply with regulatory retention requirements, and provide operational continuity. AspectN retains data for a minimum of 10 years but will support client’s retention requirements as needed. When our client relationships end, AspectN determines if regulatory retention periods apply to the data less than 10 years old. We then eliminate all patient identifiers from client data after those retention periods. This provides assurance that AspectN does not store client sensitive data after active services and regulatory retention periods have ended. In addition, we destroy end-of-life media using a method that complies with NIST Special Publication 800-88, Guidelines for Media Sanitization. Our cloud providers have data and media destruction provisions in their contracts with AspectN.

Identity and Access Management

AspectN access control systems are based on the “least privilege” access principle. Only the minimum necessary access to systems and data is provided, based on business need and job requirements. Access control systems are set with a default “deny-all” setting. Those requiring access are required to have a unique user ID and a private password. Role-based access control (RBAC) is implemented to restrict access based on the roles of individual users within an enterprise. RBAC ensures employees access only the information they need to do their jobs and prevents them from accessing information that doesn’t pertain to them. Below are the available roles within the AspectN application.

  • Organization Admin
  • Super Admin
  • Care Provider

The addition, deletion, and modification of user IDs are managed and controlled by a designated system administrator. The access management system enforces complex passwords (minimum 8 characters, containing digits, special, lower-case, and upper-case characters), and all passwords are stored encrypted.

Audit Logging

Audit trails are used to accomplish several security-related objectives, including individual accountability, reconstruction of events, intrusion detection, and problem analysis. AspectN has established standards and guidance for the configuration of audit trails for systems that store, process, or transmit sensitive data. Audit logs are centrally managed and retained using CloudWatch.

 

Software Development

Below is a high-level overview of the AspectN Software Development Lifecycle process.

 

Business Continuity and Disaster Recovery

AspectN has established and implemented a Business Continuity Plan and a system recovery procedure for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, or natural disaster) that damages systems that contain sensitive data or results in an extended period of service disruption. The AspectN business continuity strategy includes a combination of preventive and recovery controls to reduce the risk of loss of confidentiality, integrity, and availability to an acceptable level. The AspectN application is built with a highly available architecture that leverages multiple AWS availability zones. All critical systems and associated data are backed up regularly, and backup data is secured using strong encryption.

 
