Simplee is serious about security

The Simplee platform is built using best-in-class security measures. Our cloud-based infrastructure has been architected to be one of the most flexible and secure environments available today. It provides an extremely scalable, highly reliable platform that enables our partners to deploy data quickly and securely.

Platform and policy tenets

To help you keep your data and systems secure in the cloud, we provide a wide variety of security features and tools. Our key platform and policy tenets include:

  • HIPAA compliant
  • PCI compliant
  • 1st class data hosting provider with PCI DSS Level 1, HIPAA, SOC 1, 2 and 3, and ISO 27001 certifications
  • Information Security
  • Full encryption at multiple layers for data at-rest and data in-transit, including databases and/or files
  • High availability and 99.99% uptime
  • Tiered network architecture with multiple firewalls between each tier
  • Secure multi-provider architecture
  • Secure data integration supporting VPN, GPG encryption for file transfer, SFTP, and FTPS data transfer
  • Extensive logging and audits to ensure ongoing security

Patient authentication and website security

Patients who access and pay their bills through Simplee are required to log in (or authenticate) before accessing private information. These security features include:

  • Forced SSL encryption using 2048-bit RSA keys and SHA-256
  • Daily vulnerability scanning
  • Online seal displaying up-to-date security status
  • Flexible patient authentication options including support for:
    • Single Sign On (SSO) login using pre-existing methods for patient authentication
    • Unique bill-specific link embedded within emails, SMS, or paper statements + 2 personal identifiers login
    • Account # + personal identifiers based login
    • “Guest” payments without any authentication (PHI is not presented in this mode)
  • Anti-brute-force protection with CAPTCHA and 24-hour account locking after several failed attempts
  • Unauthenticated payment allowing patients to pay without logging in. In this case, patients provide the minimal information required to complete a payment (such as account number, payment amount, and credit card information) and are not shown any statements or PHI
  • Extensive logging and audits to ensure ongoing security

Back office security

Simplee provides numerous features to ensure the security of the Back Office interface. Below are our key security features:

  • SSL encryption using 2048-bit RSA keys and SHA-256
  • SSO authentication for secure and seamless integration with the provider’s Health Information system
  • Role-based access defining different roles for users. For example, an accounting user has access to bank information only and a Revenue Cycle Management department user has access to patient information.
  • Strong password policies including strength restrictions (such as minimum length) and expiration
  • IP-based access restriction that specifies IPs or a subnet of IPs to limit access to a provider’s facility or facilities
  • Anti-brute-force mechanisms with detection and temporary locking of an offending IP and its users
  • Automatic log-out after a defined inactivity time
  • Audit logs of system usage