Sync.MD

Security Everywhere

Protecting Client Data from A to Z

Sync.MD uses enhanced, patented security methods and encryption protocols to ensure data is protected. Access to a patient's account is permitted only from trusted devices (computer, tablet, smartphone, etc.) that have been verified using multi-factor authentication (MFA). User passwords must meet minimum length and complexity requirements and are stored in a non-recoverable form. Together, these measures greatly reduce the possibility of brute-force attacks exploiting weak passwords.

The Sync.MD web server creates and maintains a session with clients using encrypted and cryptographically signed JWT tokens. Sync.MD users can share their documents with a third party by initiating a time-limited shared folder protected by a combination of a randomly generated alphanumeric Access Key and personal identifier. Users have full control over the lifetime of these shares.

INNOVATE SYNC EMPOWER

HIPAA-Compliant Cloud Platform

Sync.MD services and data are hosted and stored on the HIPAA-compliant Microsoft Azure cloud platform, which includes built-in multilayered security and intelligent threat protection. All Azure services rely on FIPS 140-approved encryption algorithms by using FIPS 140 validated cryptographic modules in the underlying operating system. All production SQL databases and file stores use AES-256 data encryption. Every file uploaded to Sync.MD is encrypted with a randomly generated AES-256/HMAC-SHA256 key and stored in an encrypted, proprietary format. Communication between Sync.MD servers and clients is secured by the industry-standard SSL/TLS 1.2 protocols supported by all modern web browsers and mobile OSes.


Dedicated Security Team focused on threat analysis, penetration testing, risk mitigation, and cyber-security best practices.

  • The Sync.MD web server creates and maintains a session with the client using encrypted and cryptographically signed JWT tokens
  • Paranoia-embedded security protocol for Sync.MD Customer Support includes TOTP and short-lived device registration
  • Access to personal patient accounts is permitted only from trusted devices verified using Multi-Factor Authentication (MFA)
  • Users have full control over the lifetime of any data exchange
  • User passwords must meet minimum length and complexity requirements and are stored in a non-recoverable form to prevent brute-force cyber-attacks related to weak passwords
  • Sync.MD users can share their documents with a third party by initiating a time-limited shared folder protected by a combination of a randomly generated alphanumeric Access Key and personal identifier

Uncompromising Security is Priority One at Sync.MD


The enhanced (paranoia-embedded) security protocol for Sync.MD Customer Support includes the use of TOTP and short-lived device registration. DevOps access to the production environment is limited to an as-needed basis to prevent unauthorized or intentionally malicious actions by rogue personnel.

Sync.MD collects various client and server events and user actions, which are logged and stored for audit and monitoring purposes.