Security Statement

Security as a Company Value

Lamar Health’s security & compliance principles guide how we deliver our products and services.

Lamar Health’s most important concern is the protection and reliability of customer data. Our servers are protected by high-end firewall systems, and scans are performed regularly to ensure that any vulnerabilities are quickly found and patched. Application penetration tests are performed annually by an independent third party. All services have quick failover points and redundant hardware, with backups performed daily.

Access to systems is restricted to specific individuals who have a need to know such information and who are bound by confidentiality obligations. Access is monitored and audited for compliance.

Lamar Health uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. Accounts are protected with passwords.

Secure Testing

Lamar Health deploys third-party penetration testing and vulnerability scanning of all production and Internet-facing systems on a regular basis.

  • All new systems and services are scanned prior to being deployed to production.
  • We perform penetration testing, both by internal security engineers and by external penetration testing companies, on new systems and products or major changes to existing systems, services, and products to ensure a comprehensive and real-world view of our products & environment from multiple perspectives.
  • We perform static and dynamic software application security testing of all code as part of our software development process.

Application Security

  • Encryption – Data is encrypted in transit with TLS 1.2. Data is encrypted at rest with AES.
  • Continuous Monitoring – Independent third-party penetration, threat, and vulnerability testing.
  • Data Handling – Lamar Health is in full compliance with GDPR and has support for data deletion.
  • SSO – User access controls with single sign-on.
  • Secure Hosting – Lamar Health’s cloud environments are backed by AWS’ security measures.

Continuous Security Commitment

  • Penetration Testing – We perform an independent third-party penetration test at least annually to ensure that the security posture of our services is uncompromised.
  • Security Awareness Training – Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.
  • Third-Party Audits – Our organization undergoes independent third-party assessments to test our security controls.
  • Roles and Responsibilities – Roles and responsibilities related to our information security program and the protection of our customers’ data are well defined and documented.
  • Information Security Program – We have an information security program in place that is communicated throughout the organization. Our information security program follows the criteria set forth by SecureFrame’s HIPAA compliance training documentation.
  • Continuous Monitoring – We continuously monitor our security and compliance status to ensure there are no lapses.

More Information

Lamar Health customers may request various security-related documents and more information directly at dev@lamarhealth.com.