Shared security model

Redox serves as an intermediary for exchanging data between you and your connections. We share a responsibility with you and your connection to make sure data remains secure from end-to-end. Here's a summary of the key responsibilities to create a safe journey for all data exchanged via Redox.

Our responsibilities

  • Build a robust, defense-in-depth security program addressing all angles of our operating environment.
  • Ensure our systems and environments are compliant with relevant standards, including HIPAA, HITRUST, and SOC 2.
  • Assure the secure receipt, storage, access, and transmittal of all properly formed data exchanged via Redox.
  • Restrict access to systems and data by Redox roles, granting access only to those with a specific business need.
  • Maintain 24/7 support for responding to system stability and availability issues.
  • Respond to questions that you or your customers may have about our security posture.

Your responsibilities

  • Respond to questions that your customers may have about our security posture.
  • Refer your connections to our docs for a detailed overview of how and why Redox is a secure platform for data exchanges.
  • Establish user access procedures:
  • Develop security procedures that empower you to approve user access, control user access levels, and establish administrative settings.
  • Periodically review the list of users with access to the Redox dashboard and remove access from anyone who shouldn’t have it.
  • Ensure access changes reflect change-control procedures.
  • Support modern, industry-accepted data connection standards (learn more about data in transit).

Your connections' responsibilities

The data that you exchange via Redox with your connection becomes the responsibility of your connection at the point that it's received over your secure integration. Healthcare organizations should: