Shared security model

Last updated: Feb 13, 2024

Redox serves as an intermediary for exchanging data between you and your connections. We share a responsibility with you and your connection to make sure data remains secure end-to-end.

Here's a summary of the key responsibilities to create a safe journey for all data exchanged via Redox.

Our responsibilities

  • Build a robust, defense-in-depth security program addressing all angles of our operating environment.
  • Provide systems and environments that are compliant with relevant standards, including HIPAA, HITRUST, and SOC 2.
  • Ensure the secure receipt, storage, access, and transmittal of all properly formed data exchanged via Redox.
  • Restrict access to systems and data by Redox roles, granting access only to those with a specific business need.
  • Maintain 24/7 support for responding to system stability and availability issues.
  • Respond to questions that you or your customers may have about our security posture.

Your responsibilities

  • Respond to questions that your customers may have about our security posture.
  • Refer your connections to our docs for a detailed overview of how and why Redox is a secure platform for data exchanges.
  • Support modern, industry-accepted data connection standards (learn more about data in transit).
  • Develop security procedures for user access to your Redox organization(s) (learn about access control). You're responsible for:
    • approving and reviewing user access, permissions, and administrative settings so they stay up-to-date;
    • ensuring access changes reflect your change control procedures; and
    • controlling your users' access to confidential data, including PHI, if you choose to filter or translate confidential data.

Your connections' responsibilities

Data exchanged via Redox becomes the responsibility of your connection at the point that it's received over your secure integration.