Company

Security and Data Privacy
REQUEST A DEMO

We put security & data privacy first

It should come as no surprise to hear that the cybersecurity threat landscape continues to evolve at an ever-increasing pace. However, it is disturbing to know that healthcare institutions are being deliberately targeted more often than ever before. 

As we develop and deliver our solutions, we do our utmost to minimise the security risk and to protect patient data, also known as Protected Health Information (PHI).  

Improved security features are continuously added to new software releases, and we work closely with our customers to ensure that our solutions are integrated with the hospital infrastructure in-line with best practices. 

Company Culture

Changing the culture of a company is never easy but it can be done if the general tone and direction comes from the top. The security & privacy mindset at Oneview has come from the top, with full commitment from senior management and the board of directors. We have a standing company objective to “Protect our customers and our brand by putting security first”.

This has enabled security & data privacy to permeate their way into our company culture, so much so that words like security, data privacy, PHI, encryption and certificates are part of our daily parlance. In short, it is a collective responsibility shared by everyone in the company. 

Best Practices

Secure platform

Secure Software Development Lifecycle 

Security and data privacy are integral to our Software Development Lifecycle (SDLC), from planning to production. Our SDLC includes principles and practices such as; privacy by design, threat modelling, peer code review, static code analysis, environment hardening, penetration testing (incl OWASP), monitoring & alerting. 
Oneview Healthcare integrations

Data Classification

For data classification we use the TLP protocol. This protocol is easy to understand and ensures that everyone understands how to treat data appropriately.  
Connecting patients & families virtually whether around the block or around the country

3rd Party Penetration Testing

Our teams conduct penetration testing as part of the SDLC, however it is always best to have a fresh pair of eyes put it through its paces. We engage with a reputable 3rd party cybersecurity consultancy to conduct penetration testing and issue reports which we share with our customers. 

Certifications & Compliance 

As a global company, our Information Security Management System (ISMS) and Privacy Information Management System (PIMS) encompass security and data privacy regulations from around the globe, including GDPR, HIPAA & the Australian Privacy Act. 

ISO27001 & ISO27701

Oneview’s ISMS and PIMS are certified against the requirements of the ISO27001 and ISO27701 standards respectively. Certification and on-going surveillance audits are conducted by Certification Europe. 

HIPAA

A BAA (Business Associates Agreement) is signed between Oneview and every customer which fall under the remit of HIPAA. The controls defined in the HIPAA Security and Privacy rules are included in our ISMS & PIMS to ensure that the technical, physical and administrative safeguards are in place. Oneview have worked through the HIPAA compliancy requirements in order to achieve a verifiable seal of compliance.

Partnerships

Oneview is a Microsoft partner, in addition to our on-prem offerings, we offer our solutions on Microsoft’s Azure Cloud.  Microsoft have invested heavily in the compliance of the Azure Cloud and there is a BAA in place between Oneview and Microsoft.