Data Security and Privacy
Roji Health Intelligence ensures robust security and data privacy throughout Roji Health Intelligence hardware and software.
Does Roji Health Intelligence meet HIPAA Security and Privacy standards in allowing access to the Registry?
Yes, we meet or exceed all HIPAA and HITECH requirements. Access to the Roji Registry requires individual authentication and is role-based.
How does Roji Health Intelligence physically secure the data?
Roji Health Intelligence is currently transitioning storage of data from a physical ultra-secure facility to an Amazon Web Services (AWS) environment that will provide even greater security and scalability. Vastly increased EHR clinical data and new services, like Episodes and Improvements, call more data simultaneously to populate views. Our move to AWS helps to ensure that greater insights don’t come at the expense of performance.
AWS is used by the largest governmental and private organizations, including health care, and provides additional security features for Roji applications and our clients’ data. The final transition will be complete in spring 2021.
Roji Health Intelligence production servers are currently located in an ultra-secure facility meeting the highest standards in the industry. The facility is an SAS 70 II/SSAE 16 compliant co-location, and has successfully attained SOC 2 Type 2 and SOC 3 reports. We have a redundant system backup at AWS, which provides SOC 1, SOC 2, and SOC 3 reports via the AWS Artifact. Regardless of the environment, we maintain strict physical and user access restrictions to all Roji applications and data.