Security and Compliance at LUMEDX

 

Overview

LUMEDX has been a market leader in cardiovascular information systems (CVIS) for more than 25 years. We have worked with more than 600 facilities across the United States to provide the performance analytics solutions hospitals need to improve quality of care and cut costs. We take security and compliance very seriously. Every year we undergo multiple audits to comply with certification requirements.

The specific security and compliance details of your LUMEDX solution depend on whether you use HealthView Analytics, a cloud-based platform, or a Cardiovascular Information Systems solution that is LUMEDX hosted.


LUMEDX-Hosted Customers

Confidentiality

LUMEDX uses the highest quality providers, including data centers with multiple security certifications (including SOC 2 Type 2) that are guarded and monitored 24/7. Our processes include patching, vulnerability testing, extensive team training (which is updated annually with relevant topics and a quiz), employee background checks, a data loss prevention program, and anti-phishing training. Permissions are reset for inactive accounts, and all activity is tracked in audit logs. We require our suppliers to meet the same level of security and privacy standards. Data is encrypted both at rest and during transit, using the highest encryption standards.

Integrity

LUMEDX employs a security information and event management (SIEM) system to monitor for suspicious activity, maintains multiple firewalls, and resets access for client accounts at least quarterly. Multi-factor authentication is established for all employees.

Availability

Disaster recovery plans are created, reviewed, and tested quarterly. Customer support is handled by multiple teams, divided into zones, to ensure continuity and minimize single points of failure.

LUMEDX Hosted

LUMEDX Cloud Customers

The HealthView Analytics platform is built exclusively on Microsoft Azure. For specific security, privacy, and compliance details on the Azure platform, please visit here.

Confidentiality

LUMEDX uses the highest quality cloud providers, which include data centers with SOC 2 Type 2 certification that are guarded and monitored 24/7, with intrusion detection and video surveillance. Data is encrypted both at rest and during transit, using the highest encryption standards. Internally, our processes include vulnerability testing, extensive team training, employee background checks, a data loss prevention program, and anti-phishing training.

Integrity

Permissions are reset for inactive accounts, all activity is tracked in audit logs, and IP whitelisting is enabled (for HealthView Analytics users in Q4 2019). Multi-factor authentication is established for all LUMEDX employees. A SIEM is employed to monitor for suspicious activity.

Availability

Automatic failover is established for HealthView Analytics users. Disaster recovery plans are created, reviewed, and tested quarterly. Customer support is handled by multiple teams, divided into zones, to ensure continuity and minimize single points of failure.


LUMEDX Certifications

LUMEDX received its first international certification for ISO-13485 (Medical Device Development) in 2012, and has steadily improved and expanded its procedures, training, and certifications, achieving both ISO-27001 (Information Security Management Systems) and MDSAP (Medical Device Single Audit Program) certifications in 2017. LUMEDX undergoes two internal audits and five external audits each year, as well as vulnerability testing twice annually. The LUMEDX Help Desk team has also been certified to HDI standards since 2013.


Questions?

For questions relating to compliance or privacy, contact Chris Pearce, Privacy Officer, at chris.pearce@lumedx.com.

For questions relating to security, contact David Spidel, IT Manager and Security Officer, at david.spidel@lumedx.com.

HealthView Analytics is a transformative knowledge and technology platform offered by LUMEDX Corporation. For more than 25 years, LUMEDX has been a market leader in cardiovascular information systems (CVIS). The current generation of this system is the Cardiovascular Performance Program, which utilizes a knowledgebase of best practice insights derived from more than 650 medical centers—combined with analytics embedded in workflows—to boost clinical and financial performance. HealthView Analytics also has enterprise programs in Neurology, Orthopedics and Maternal/Fetal Medicine.

© 2020 LUMEDX