For us, quality and safety come first, and as a certified class I medical device, UpHill is compliant with the industry safety standards.
Privacy protection by design
UpHill is GDPR compliant, as part of our commitment to protecting the privacy of our clients’ patients’ personal health information.
UpHill is built on a broad culture of security, and we give security the highest consideration at every step of the data journey.
UpHill is compliant with relevant industry-standard certifications
“When it comes to privacy and security, we noticed not only the safeguarding of standards and best practices but their true implementation.”
ICT Manager, Hospital da Cruz Vermelha
Bulletproof monitoring processes & third-party audits
Internal monitoring for threats and attempted attacks, infrastructure, and code vulnerabilities on a daily basis.
Multiple third-party penetration tests yearly, including manual penetration testing on our software.
Code audits performed regularly to find and address any security vulnerabilities.
Data encryption and storage
All data is encrypted in transit (TLS 1.2 SHA256-RSA) and in storage (AES256). Backups are also encrypted and stored in a separate location.
Data is stored in the European Cloud at Amazon Web Services, which is compliant with the most demanding safety requirements.
Application containers and databases are in private subnets, inaccessible from the outside.
Access is restricted to the application and interoperability mechanisms, served through API gateways.
In-house security-driven mindset
To address the industry security priorities, UpHill also engages employees in safety practices.
UpHill staff must comply with the internal use policy in order to gain access to any protected software or data.
In-house safety practices include using strong passwords, encrypting devices, enabling multi-factor authentication, and undergoing security training.