AspectN is a new-era healthcare company dedicated to improving patient care. Our software serves home care facilities, senior living, rehabilitation care and nursing homes. Our fully customizable, goal-driven Care will help care providers deliver the best care to patients. Below are some of our product highlights.
Reduce Overtime and Streamline Clinical Processes
Benefits for Care Providers
Communicate Effectively with Families
The AspectN application is a secure, scalable, and highly available system by design and is hosted on Amazon Web Services.
Below is the list of required datasets for the AspectN application.
AspectN – Data Set
The shared responsibility security model is a framework adopted by many cloud providers and is applicable to software provided by AspectN.
AspectN has developed a suite of administrative controls in the form of policies. These policies set the foundation for all controls and requirements for our security and information technology programs. These policies are supported by standard operating procedures that define the specific implementation requirements for AspectN. These policies are also intended to establish the Company’s commitment to compliance with the HIPAA Security Standards and applicable Administrative Standards as set out in the Health Insurance Portability and Accountability Act (HIPAA).
AspectN has implemented physical security controls covering our places of business, protection of paper records, and the information resources that store electronic data. These controls are designed to prevent unauthorized persons from gaining access to the building(s) and to sensitive information, where they could alter system configurations, introduce vulnerabilities into the network, or destroy or steal equipment and/or data.
The AspectN office is protected by electronic access controls with badged doors and office suites. All visitors are escorted within the office building. Office spaces are under video surveillance.
AspectN and client data are in Amazon Web Services data centers within the United States. AWS data centers are HIPAA compliant and have SOC 2 reports. Details of AWS data center physical security controls are available at https://aws.amazon.com/compliance/data-center/controls/
AspectN’s extensive network and data protection controls provide security for sensitive data in transit and at rest. Network security extends across multiple security controls. These controls define the network segmentation, dataflow, encryption, device connectivity, system access, and user-defined access to the Company’s network. The network security controls establish the perimeters for access to the network as well as the controls and restrictions for connectivity to systems inside and outside the network.
All sensitive data at rest and in transit is encrypted using FIPS 140-2 compliant encryption. Encryption keys are rotated on a regular basis using an automated mechanism. HTTPS is used to encrypt data in transit.
AspectN is a multi-tenant application with options available for single-tenant implementation. In a multi-tenant implementation, each client’s data is logically separated using a different database per client, and application-layer controls are built in to ensure that users see only the data for which they have been explicitly authorized.
AspectN attempts to keep the minimum amount of data necessary to provide our services, comply with regulatory retention requirements, and provide operational continuity. AspectN retains data for a minimum of 10 years but will support clients’ retention requirements as needed. When our client relationships end, AspectN determines if regulatory retention periods apply to the data less than 10 years old. We then eliminate all patient identifiers from client data after those retention periods. This provides assurance that AspectN does not store client sensitive data after active services and regulatory retention periods have ended. In addition, we destroy end-of-life media using a method that complies with NIST Special Publication 800-88, Guidelines for Media Sanitization. Our cloud providers have data and media destruction provisions in their contracts with AspectN.
AspectN access control systems are based on the “least privilege” access principle. Only the minimum necessary access to systems and data is provided, based on business need and job requirements. Access control systems are set with a default “deny-all” setting. Those requiring access are required to have a unique user ID and a private password. Role-based access control (RBAC) is implemented to restrict access based on the roles of individual users within an enterprise. RBAC ensures employees access only the information they need to do their jobs and prevents them from accessing information that doesn’t pertain to them. Below are the available roles within the AspectN application.
The addition, deletion, and modification of user IDs are managed and controlled by a designated system administrator. The access management system enforces complex passwords (minimum 8 characters, containing digits, special, lower-case, and upper-case characters), and all passwords are stored encrypted.
Audit trails are used to accomplish several security-related objectives, including individual accountability, reconstruction of events, intrusion detection, and problem analysis. AspectN has established standards and guidance for the configuration of audit trails for systems that store, process, or transmit sensitive data. Audit logs are centrally managed and retained using Amazon CloudWatch.
Below is a high-level overview of the AspectN Software Development Lifecycle process.
AspectN has established and implemented a Business Continuity Plan and a system recovery procedure for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain sensitive data or results in an extended period of service disruption. AspectN’s business continuity strategy includes a combination of preventive and recovery controls to reduce the risk of loss of confidentiality, integrity, and availability to an acceptable level. The AspectN application is built with a highly available architecture by leveraging multiple AWS availability zones. All critical systems and associated data are backed up regularly, and backup data is secured using strong encryption.