FAQ

DOCUMENT MEDICAL

going right.png

Security FAQ

 

Document LLC employs industry-leading security measures to help ensure the authenticity, integrity, and privacy of data, both at rest and in transit. Below are some frequently asked questions about Document LLC security.

 

Policies

Does Document LLC have a privacy policy?

Yes, you can see it at DocumentMedical.com/Privacy-Policy

 

Does Document LLC have a security policy?

Yes, Document LLC has a comprehensive security posture, with data security policies in place to

ensure the privacy and security of all data. Upon request, Document LLC will share the policies with prospects after both parties have signed an NDA.

 

Does Document LLC comply with HIPAA?

Yes, data security and HIPAA compliance are our top priority. Document LLC’s governance structure ensures compliance with applicable laws and regulations, including HIPAA.

 

Does Document LLC train its employees on HIPAA standards?

Yes, every employee gets HIPAA training upon hiring and then once per year thereafter.

 

Does Document LLC perform background checks on employees?

Yes, Document LLC performs background checks on all new employees.

 

Data Access

How does Document LLC ensure that only authorized people access data?

Document LLC takes numerous measures to ensure that only authorized people have access to data, including:

• Keyfobs are required to access the Document LLC office

• Strong account passwords are required

• Two-factor authentication is mandatory for all employees and contractors to access critical systems

• Automated software logs access for review

• Roles-based access to various levels of data determined by job function

 

What steps would Document LLC take to mitigate any damage caused by a breach?

Our security architecture employs several layers of defense thus requiring an intruder to breach multiple layers to see all data. Suspected events are immediately analyzed, and in the event of a security incident, Document LLC would take the following steps, among others:

• Immediately begin to address and investigate the incident.

• Mitigate the harmful effect, without delay.

• Alert any affected clients as required by law and relevant agreements.

• Begin breach response and reporting if preliminary findings direct so.

• Conduct a post-incident/breach review and update technical controls and/or

safeguards, policies, procedures, and training awareness materials as needed.

• Implement all other appropriate remediation efforts to prevent similar incidents from

recurring (including, re-education of workforce and/or termination of subcontractor).
 

Has Document LLC ever had a data breach?

No.

 

What does Document LLC do to prevent malicious malware from being installed?

Anti-malware software is implemented on Document LLC workstations. In addition, regular “Security 101” education is provided to all employees including on phishing and malware threats and appropriate precautions to be taken. The Document LLC application is scanned before deployment for any malware and vulnerabilities.

 

Data in Transit

Does Document LLC encrypt data in transit?

Yes, Document LLC encrypts all data in transit between the solution (web and mobile) and the Document LLC servers using best-in-class encryption.

 

Device & Application Security

Does Document LLC store data on mobile devices?

Yes, but when the user logs out the data is cleared.

 

What does Document LLC do to ensure that any data on the device is secure?

Document LLC only runs on modern devices, such as iPhones and Android phones, that encrypt all data on the device. Additionally, we require all users to use strong passwords to have access to the Document LLC application.

 

Does Document LLC support biometric authentication on devices?

Yes, Document LLC supports both TouchID and FaceID on iPhones and Android devices.

 

Data Center Security

Is Document LLC a cloud provider?

Yes, the Document LLC service runs in the most modern, secure cloud service.

 

Is all data encrypted at rest?

Yes, Document LLC encrypts all customer content stored at rest.

 

How strong is the encryption used to store data at rest?

Data stored with Document LLC is encrypted at the storage level using either AES256 or AES128.

 

Who has access to the Document LLC cloud data center?

Our solution is hosted on a world class cloud provider’s infrastructure which provides for top

notch physical and environmental controls that are documented and attested for in its SOC2

Type 2 report by an independent auditing firm.