Security Overview

At BedWatch, our top priority is keeping our customers' data secure.


BedWatch is committed to the security of your facility and patient data. We combine enterprise-class security features with comprehensive audits of our applications, systems, and networks to ensure customer and business data is always protected from unauthorized access, use, or disclosureWe adhere to and many times exceed the requirements of HIPAA compliance in order to maintain the Confidentiality, Integrity, and Availability (CIA) of all sensitive data.

The BedWatch Security Program covers the following areas:

  • Application Security
  • Infrastructure and Network Security
  • Availability & Continuity
  • Compliance & Privacy


For any security related questions or issues to report, please contact us at

Application Security

Access Controls

The BedWatch application has a set of Enterprise-level access controls, including:

  • Two-Factor Authentication
  • Password complexity settings
  • IP whitelisting for authentication
  • IP whitelisting for access to ePHI
  • Customizable Session timeout
  • User account expirations
  • User password expirations
  • Single Sign On (SSO)

Role-based Authorization

Access to data within BedWatch applications is governed by role-based access control (RBAC), and can be configured to define granular access privileges, by module or product.  BedWatch has various permission levels for users (user, admin, view-only, etc.)

Data Encryption

At BedWatch, all data is encrypted in transit and at rest in accordance with HIPAA regulations.  Data is encrypted at the application level with AES-256 GCM encryption, and all data in transit is sent through https (TLS) encrypted connections and/or VPN, such as IpSec. This ensures the confidentiality and integrity of the data sent between the BedWatch application and the customer.

Audit Controls

BedWatch has several audit controls built into the application and infrastructure. We follow all best practices for auditing users and events:

  • User Audit Logs - List of all users associated with your account along with their last login, what actions they performed, what records they viewed
  • Administrative Audit Logs - View all of the recent administrative actions pertaining to your BedWatch account, such as user account updates
  • Time and Event based Audit Logs - Captures all actions with detailed information by user


Infrastructure & Network Security

Secure Data Centers

BedWatch hosts data and services in data centers that have been certified as ISO 27001, PCI/DSS Service Provider Level 1, and/or SOC II compliance.

Our infrastructure services include back-up power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.

Internal User Auditing

BedWatch logs and audits all internal employee access to production infrastructure using continuously monitoring services, and retains account activity related to actions across our infrastructure. Event history, including actions taken through command line tools, and other services are recorded. This event history simplifies security analysis, resource change tracking, and the ability to detect unusual activity.

Intelligent Threat Detection

BedWatch uses threat detection services that continuously monitor for malicious activity and unauthorized behavior.  The services use machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. 

Threat intelligence coupled with machine learning and behavior models allow us to detect activity such as credential compromise behavior, communication with known command-and-control servers, or API calls from known malicious IPs.

Logical Access

Access to the BedWatch Production Network is restricted by an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our DevOps Team. Employees accessing the BedWatch Production Network are required to use multiple factors of authentication.

Availability & Continuity

Disaster Recovery

BedWatch maintains a documented and tested Contingency Plan and Disaster Recovery plan. These plans are tested at least annually or when there is a major change in the BedWatch environment. Lessons learned from the tests are compiled and are remediated by our engineering department.

Auto Scaling Services

BedWatch leverages horizontal architecture to autoscale its server resources, which maintains optimal application performance and availability, even when workloads are periodic, unpredictable, or continuously changing. Autoscaling continually monitors our applications to make sure that they are operating at desired performance levels. When demand spikes, autoscaling automatically increases the capacity of constrained resources to maintain a high quality of service.

Redundancy and Fault Tolerance

BedWatch infrastructure is hosted across multiple discrete data centers with redundant power, networking, and connectivity. These give us the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center. 

In addition, BedWatch utilizes DevOps "Infrastructure as Code" tools for deploying all internal systems, such as application servers, network configurations, database, storage, and gateways. All services can be deployed within a short time to a different data center or set of data centers within another geographical region.

Compliance & Privacy


BedWatch is fully compliant with HIPAA and the HITECH Act. We follow all of the required procedural and technical controls within the cloud environment. Additionally, we will sign a Business Associate Agreement (BAA) with each customer in order to ensure that BedWatch and the customer are both in alignment with the security controls being enforced to protect such data.

Information Security Program

BedWatch maintains an Information Security Program to reduce vulnerabilities by developing IS policies that assess, identify, prioritize, and manage vulnerabilities. These management activities support organizational objectives for mitigating the vulnerabilities, as well as developing and using metrics to gauge improvements in vulnerability mitigation.

BedWatch management as a whole is accountable for the execution of the IS Program and ensuring that the associated policies, standards, and procedures are properly communicated and understood within their respective organizational units.

Operational Compliance

Security begins on day one here. All employees receive security, privacy, and compliance training the moment they start. Though the extent of involvement may vary by role, security is everybody’s responsibility at BedWatch.

This commitment to security extends to our executives. The BedWatch Security Committee, a cross-functional group of executives and department heads, shapes our security programs, drives alignment across our organization, and ensures that security awareness and initiatives permeate throughout our organization.

Risk Management

The BedWatch Security Committee regularly engages in risk assessment reviews and audits to identify threats or vulnerabilities, internally and externally, that could result in loss, misuse or unauthorized access or modification of data.  Our main goal in Risk Management is the continuation of the BedWatch service along with the confidentiality, integrity, and availability of customer data.

Advanced Visibility Tools for Healthcare

Request Demo