At BedWatch, our top priority is keeping our customers' data secure.
BedWatch is committed to the security of your facility and patient data. We combine enterprise-class security features with comprehensive audits of our applications, systems, and networks to ensure customer and business data is always protected from unauthorized access, use, or disclosure. We adhere to and many times exceed the requirements of HIPAA compliance in order to maintain the Confidentiality, Integrity, and Availability (CIA) of all sensitive data.
The BedWatch Security Program covers the following areas:
For any security-related questions or issues to report, please contact us at security@bedwatch.com.
The BedWatch application has a set of Enterprise-level access controls, including:
Access to data within BedWatch applications is governed by role-based access control (RBAC), which can be configured to define granular access privileges by module or product. BedWatch has various permission levels for users (user, admin, view-only, etc.).
At BedWatch, all data is encrypted in transit and at rest in accordance with HIPAA regulations. Data is encrypted at the application level with AES-256-GCM encryption, and all data in transit is sent through HTTPS (TLS) encrypted connections and/or a VPN, such as IPsec. This ensures the confidentiality and integrity of the data sent between the BedWatch application and the customer.
BedWatch has several audit controls built into the application and infrastructure. We follow all best practices for auditing users and events:
BedWatch hosts data and services in data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant.
Our infrastructure services include back-up power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data.
BedWatch logs and audits all internal employee access to production infrastructure using continuous monitoring services, and retains account activity related to actions across our infrastructure. Event history, including actions taken through command-line tools and other services, is recorded. This event history simplifies security analysis, resource change tracking, and the detection of unusual activity.
BedWatch uses threat detection services that continuously monitor for malicious activity and unauthorized behavior. The services use machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats.
Threat intelligence coupled with machine learning and behavior models allows us to detect activity such as credential compromise behavior, communication with known command-and-control servers, or API calls from known malicious IPs.
Access to the BedWatch Production Network is restricted on an explicit need-to-know basis, follows least privilege, is frequently audited and monitored, and is controlled by our DevOps Team. Employees accessing the BedWatch Production Network are required to use multiple factors of authentication.
BedWatch maintains a documented and tested Contingency Plan and Disaster Recovery Plan. These plans are tested at least annually or when there is a major change in the BedWatch environment. Lessons learned from the tests are compiled and remediated by our engineering department.
BedWatch leverages horizontal architecture to autoscale its server resources, which maintains optimal application performance and availability, even when workloads are periodic, unpredictable, or continuously changing. Autoscaling continually monitors our applications to make sure that they are operating at desired performance levels. When demand spikes, autoscaling automatically increases the capacity of constrained resources to maintain a high quality of service.
BedWatch infrastructure is hosted across multiple discrete data centers with redundant power, networking, and connectivity. These give us the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center.
In addition, BedWatch utilizes DevOps "Infrastructure as Code" tools for deploying all internal systems, such as application servers, network configurations, database, storage, and gateways. All services can be deployed within a short time to a different data center or set of data centers within another geographical region.
BedWatch is fully compliant with HIPAA and the HITECH Act. We follow all of the required procedural and technical controls within the cloud environment. Additionally, we will sign a Business Associate Agreement (BAA) with each customer in order to ensure that BedWatch and the customer are both in alignment with the security controls being enforced to protect such data.
BedWatch maintains an Information Security Program to reduce vulnerabilities by developing IS policies that assess, identify, prioritize, and manage vulnerabilities. These management activities support organizational objectives for mitigating the vulnerabilities, as well as developing and using metrics to gauge improvements in vulnerability mitigation.
BedWatch management as a whole is accountable for the execution of the IS Program and ensuring that the associated policies, standards, and procedures are properly communicated and understood within their respective organizational units.
At BedWatch, we prioritize the security and integrity of your data. We maintain SOC 2 Type 2 compliance, demonstrating our commitment to rigorous, ongoing controls that protect our customers' sensitive information. Our compliance is validated through regular, independent third-party audits, which thoroughly assess our policies, procedures, and technical controls, ensuring they are not only robust but also effective over time.
Security begins on day one here. All employees receive security, privacy, and compliance training the moment they start. Though the extent of involvement may vary by role, security is everybody’s responsibility at BedWatch.
This commitment to security extends to our executives. The BedWatch Security Committee, a cross-functional group of executives and department heads, shapes our security programs, drives alignment across our organization, and ensures that security awareness and initiatives permeate throughout our organization.
The BedWatch Security Committee regularly engages in risk assessment reviews and audits to identify threats or vulnerabilities, internally and externally, that could result in loss, misuse or unauthorized access or modification of data. Our main goal in Risk Management is the continuation of the BedWatch service along with the confidentiality, integrity, and availability of customer data.