Security & Data Privacy At Oneview Healthcare

Company

Security and Data Privacy

We put security & data privacy first

It should come as no surprise to hear that the cybersecurity threat landscape continues to evolve at an ever-increasing pace. However, it is disturbing to know that healthcare institutions are being deliberately targeted more often than ever before.

As we develop and deliver our solutions, we do our utmost to minimise the security risk and to protect patient data, also known as Protected Health Information (PHI).

Improved security features are continuously added to new software releases, and we work closely with our customers to ensure that our solutions are integrated with the hospital infrastructure in-line with best practices.

Company Culture

Changing the culture of a company is never easy but it can be done if the general tone and direction comes from the top. The security & privacy mindset at Oneview has come from the top, with full commitment from senior management and the board of directors. We have a standing company objective to “Protect our customers and our brand by putting security first”.

This has enabled security & data privacy to permeate their way into our company culture, so much so that words like security, data privacy, PHI, encryption and certificates are part of our daily parlance. In short, it is a collective responsibility shared by everyone in the company.

Best Practices

Secure Software Development Lifecycle

Security and data privacy are integral to our Software Development Lifecycle (SDLC), from planning to production. Our SDLC includes principles and practices such as; privacy by design, threat modelling, peer code review, static code analysis, environment hardening, penetration testing (incl OWASP), monitoring & alerting.

Data Classification

For data classification we use the TLP protocol. This protocol is easy to understand and ensures that everyone understands how to treat data appropriately.

Connecting patients & families virtually whether around the block or around the country

3rd Party Penetration Testing

Our teams conduct penetration testing as part of the SDLC, however it is always best to have a fresh pair of eyes put it through its paces. We engage with a reputable 3rd party cybersecurity consultancy to conduct penetration testing and issue reports which we share with our customers.

Certifications & Compliance

As a global company, our Information Security Management System (ISMS) and Privacy Information Management System (PIMS) encompass security and data privacy regulations from around the globe, including GDPR, HIPAA & the Australian Privacy Act.

ISO27001 & ISO27701

Oneview’s ISMS and PIMS are certified against the requirements of the ISO27001 and ISO27701 standards respectively. Certification and on-going surveillance audits are conducted by Certification Europe.

HIPAA

A BAA (Business Associates Agreement) is signed between Oneview and every customer which fall under the remit of HIPAA. The controls defined in the HIPAA Security and Privacy rules are included in our ISMS & PIMS to ensure that the technical, physical and administrative safeguards are in place. Oneview have worked through the HIPAA compliancy requirements in order to achieve a verifiable seal of compliance.

Partnerships

Oneview is a Microsoft partner, in addition to our on-prem offerings, we offer our solutions on Microsoft’s Azure Cloud. Microsoft have invested heavily in the compliance of the Azure Cloud and there is a BAA in place between Oneview and Microsoft.

Artificial Intelligence Policy

Oneview has defined guidelines and best practices for the responsible and ethical use of Artificial Intelligence (AI) within our company and products. All users of AI enabled systems must use those systems in a manner that aligns with the company’s values, adheres to legal and regulatory standards, and promotes the safety and well-being of our staff and customers.

Read the full policy here.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.