Security Overview

At BedWatch, our top priority is keeping our customers' data secure.


BedWatch is committed to the security of your facility and patient data. We combine enterprise-class security features with comprehensive audits of our applications, systems, and networks to ensure customer and business data is always protected from unauthorized access, use, or disclosure. We adhere to, and often exceed, the requirements of HIPAA compliance in order to maintain the Confidentiality, Integrity, and Availability (CIA) of all sensitive data.

The BedWatch Security Program covers the following areas:

  • Application Security
  • Infrastructure and Network Security
  • Availability & Continuity
  • Compliance & Privacy


For any security related questions or issues to report, please contact us at security@bedwatch.com.

Application Security

Access Controls

The BedWatch application has a set of Enterprise-level access controls, including:

  • Two-Factor Authentication
  • Password complexity settings
  • IP whitelisting for authentication
  • IP whitelisting for access to ePHI
  • Customizable Session timeout
  • User account expirations
  • User password expirations
  • Single Sign On (SSO)

Role-based Authorization

Access to data within BedWatch applications is governed by role-based access control (RBAC) and can be configured to define granular access privileges by module or product. BedWatch provides various permission levels for users (user, admin, view-only, etc.).

Data Encryption

At BedWatch, all data is encrypted in transit and at rest in accordance with HIPAA regulations. Data is encrypted at the application level with AES-256-GCM, and all data in transit is sent over HTTPS (TLS) encrypted connections and/or VPN tunnels such as IPsec. This ensures the confidentiality and integrity of the data sent between the BedWatch application and the customer.
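The paragraph above names AES-256-GCM as the application-level cipher and claims both confidentiality and integrity. The following Go program is an added illustration of why an authenticated mode gives both; it is not BedWatch's code. It assumes the 32-byte key is supplied by an external key-management service (the caller passes it in), and the record contents and record identifier are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Illustrative record-level encryption with AES-256-GCM (added example, not BedWatch code).
// The 32-byte key is assumed to come from an external key-management service.

// EncryptRecord seals plaintext under a 32-byte AES-256 key. aad is authenticated
// but not encrypted: binding a record identifier to the ciphertext means a stored
// blob cannot be silently swapped into another record without failing decryption.
// Output layout: nonce || ciphertext || 16-byte GCM tag.
func EncryptRecord(key, plaintext, aad []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A fresh random 96-bit nonce per record; reusing a nonce under the same key
	// destroys GCM's confidentiality and integrity guarantees.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// DecryptRecord reverses EncryptRecord. Any change to the nonce, ciphertext,
// tag or aad makes gcm.Open fail, so integrity is verified before data is returned.
func DecryptRecord(key, blob, aad []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

func main() {
	key := make([]byte, 32) // stands in for a key fetched from a KMS
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	record := []byte("bed 12B: admitted 2024-01-01") // constructed sample record
	aad := []byte("record-id:12B")                    // constructed record identifier

	blob, err := EncryptRecord(key, record, aad)
	if err != nil {
		panic(err)
	}
	plain, err := DecryptRecord(key, blob, aad)
	fmt.Printf("round trip ok: %v (%q)\n", err == nil, plain)

	// Flip one bit of the GCM tag: decryption must now refuse to return any data.
	blob[len(blob)-1] ^= 0x01
	_, err = DecryptRecord(key, blob, aad)
	fmt.Println("tampered blob rejected:", err != nil)
}
```

The point a reviewer would check here is that decryption returns an error, not partial plaintext, when the tag or the associated data does not verify; that is the property that turns "encrypted at rest" into an integrity control as well as a confidentiality one.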

Audit Controls

BedWatch has several audit controls built into the application and infrastructure. We follow all best practices for auditing users and events:

  • User Audit Logs - List of all users associated with your account along with their last login, what actions they performed, what records they viewed
  • Administrative Audit Logs - View all of the recent administrative actions pertaining to your BedWatch account, such as user account updates
  • Time and Event based Audit Logs - Captures all actions with detailed information by user


Infrastructure & Network Security

Secure Data Centers

BedWatch hosts data and services in data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant.

Our infrastructure services include back-up power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.

Internal User Auditing

BedWatch logs and audits all internal employee access to production infrastructure using continuous monitoring services, and retains account activity related to actions across our infrastructure. Event history, including actions taken through command-line tools and other services, is recorded. This event history simplifies security analysis, resource change tracking, and the detection of unusual activity.

Intelligent Threat Detection

BedWatch uses threat detection services that continuously monitor for malicious activity and unauthorized behavior. The services use machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats.

Threat intelligence coupled with machine learning and behavior models allows us to detect activity such as credential compromise behavior, communication with known command-and-control servers, or API calls from known malicious IPs.

Logical Access

Access to the BedWatch Production Network is restricted on an explicit need-to-know basis, follows least privilege, is frequently audited and monitored, and is controlled by our DevOps Team. Employees accessing the BedWatch Production Network are required to use multiple factors of authentication.

Availability & Continuity

Disaster Recovery

BedWatch maintains a documented and tested Contingency Plan and Disaster Recovery plan. These plans are tested at least annually or when there is a major change in the BedWatch environment. Lessons learned from the tests are compiled and are remediated by our engineering department.

Auto Scaling Services

BedWatch leverages horizontal architecture to autoscale its server resources, which maintains optimal application performance and availability, even when workloads are periodic, unpredictable, or continuously changing. Autoscaling continually monitors our applications to make sure that they are operating at desired performance levels. When demand spikes, autoscaling automatically increases the capacity of constrained resources to maintain a high quality of service.

Redundancy and Fault Tolerance

BedWatch infrastructure is hosted across multiple discrete data centers with redundant power, networking, and connectivity. These give us the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center.

In addition, BedWatch utilizes DevOps "Infrastructure as Code" tools for deploying all internal systems, such as application servers, network configurations, database, storage, and gateways. All services can be deployed within a short time to a different data center or set of data centers within another geographical region.

Compliance & Privacy

HIPAA / HITECH

BedWatch is fully compliant with HIPAA and the HITECH Act. We follow all of the required procedural and technical controls within the cloud environment. Additionally, we will sign a Business Associate Agreement (BAA) with each customer in order to ensure that BedWatch and the customer are both in alignment on the security controls being enforced to protect patient data.

Information Security Program

BedWatch maintains an Information Security Program to reduce vulnerabilities by developing IS policies that assess, identify, prioritize, and manage vulnerabilities. These management activities support organizational objectives for mitigating the vulnerabilities, as well as developing and using metrics to gauge improvements in vulnerability mitigation.

BedWatch management as a whole is accountable for the execution of the IS Program and ensuring that the associated policies, standards, and procedures are properly communicated and understood within their respective organizational units.

Operational Compliance

Security begins on day one here. All employees receive security, privacy, and compliance training the moment they start. Though the extent of involvement may vary by role, security is everybody’s responsibility at BedWatch.

This commitment to security extends to our executives. The BedWatch Security Committee, a cross-functional group of executives and department heads, shapes our security programs, drives alignment across our organization, and ensures that security awareness and initiatives permeate throughout our organization.

Risk Management

The BedWatch Security Committee regularly engages in risk assessment reviews and audits to identify threats or vulnerabilities, internally and externally, that could result in loss, misuse, or unauthorized access or modification of data. Our main goal in Risk Management is the continuation of the BedWatch service along with the confidentiality, integrity, and availability of customer data.
