We are operating in the life science industry, which already includes relevant checks and balances in relation to how data is managed. For us at RxE2 managing your data is at the heart of what we do, and this is why our goal is keeping it safe and private while providing you with additional value.

Management Statement

RxE2 Inc. is the first company to implement a new approach of community-based decentralized clinical trials. RxE2 is a pharmaceutical services organization that works with patients’ health care providers in the community, clinics, and research centers. We have a deep appreciation for the responsibility of managing Personally Identifiable Information (PII) and Protected Health Information (PHI).

RxE2 management and its employees and contractors are committed to objective information security and a quality system that enables the required awareness and technology securities. All in accordance with our strategic business objectives.

RxE2 has adopted the applicable regulations and we endeavor to maintain compliance at every level, with the security of our patients, suppliers, and customers in mind.  RxE2 will continue to improve its systems and will continue to ensure we protect our customers data.

At a glance

Security

We protect your data from its point of entry to our process. We make sure it’s encrypted in transit and at rest and provide additional controls to enforce organizational protection.

Learn more

Compliance

We initiated, from the early days of the company, a compliance program to make sure we meet your compliance needs. We are periodically going through independent third-party audits and certifications mainly ISO 27001, ISO 27799, HIPAA and more.

Learn more

Privacy

We are committed to protecting your privacy and your customers’ data, preventing it from unauthorized access by utilizing industry best-practices.

Learn more

Data Integrity

Our products are designed for high performance and high availability, we develop them with industry best practices on best-in-class core technologies, such as AWS, so we can deliver the best solution.

Learn more

Dive In

Data Centers:

Protecting our databases and assets of the company, while assuring availability, confidentiality, integrity, and reliability of the information under its responsibility. Due to this RxE2 is fully based on Amazon Web Services (AWS), utilizing its industry best practices, multiple locations globally and availability zones which allow us to accommodate our customers growing needs and local regulatory needs.
Security controls at Amazon data centers are based on the highest-standard technologies and follow the industry’s best security practices both digital and physical ones. These measurements are built to eliminate a single point of failure and maintain the resilience of the computing center.
The data centers that host your data are kept safe 24/7 by physical security with biometric capabilities , fire prevention and controls, managed access, etc.

Encryption:

The data is transmitted through secured encrypted channels to our cloud on AWS. As part of our cloud we deployed AWS encryption mechanisms for all most all the services we utilize.
We make sure to encrypt all our data and communication through HTTPS TLS1.2 256 & AES on message body and cookies.

For RxE2 employees and 3rd parties we enforce our security policies periodically audited by external auditors making sure we are compliant to our promise (i.e. ISO).
Internally, Viz.ai establishes and manages cryptographic keys for required cryptography employed within the Viz.ai infrastructure.

Security in our products:

  • Security with our mobile app (iOS, Android)
  • Security with our Local HCPs Marketplace
  • Security with our Web App for clinical sites
  • Our internal development systems enforcing our policies

Our solution is based on industry leader solutions:

  • AWS
  • Microsoft Azure
  • Atlassian

Compliance & Certificates

ISO 27001Information Security Management 27001:2013

External Audit & Certification

Specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system. It also includes requirements for the assessment and treatment of information security risks for RxE2 needs. The scope includes our product, infrastructure, and organizational aspects and verifies we have the necessary security controls in place to ensure the confidentiality, integrity, and availability of sensitive information assets.

 

 

ISO 27799 Health care Information Security Management 27799:2013

External Audit & Certification

Specifies the requirements to provide tools in the hands of medical organizations, or companies that has personal medical information, protection of accessibility, completeness, and confidentiality of personal medical information in their possession.

The scope includes our product, infrastructure, and organizational aspects related to health data, verifies that we have the necessary security controls in place to ensure confidentiality, integrity, and availability of sensitive information assets.

Compliance Program

RxE2 regularly undergoes through independent 3rd party reviews and audits. As part of these processes RxE2 is committed to maintain the level required to be compliant with industry best practices, as ISO, HIPPA, etc.

We also have a more detailed white paper to present our approach to compliance and security maps for each requirement the way RxE2 is addressing it through its products or through its processes.

Compliance & Certificates

ISO 27001Information Security Management 27001:2013

External Audit & Certification

Specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system. It also includes requirements for the assessment and treatment of information security risks for RxE2 needs.

The scope includes our product, infrastructure, and organizational aspects and verifies we have the necessary security controls in place to ensure the confidentiality, integrity, and availability of sensitive information assets.

 

 

ISO 27799 Health care Information Security Management 27799:2013

External Audit & Certification

Specifies the requirements to provide tools in the hands of medical organizations, or companies that has personal medical information, protection of accessibility, completeness, and confidentiality of personal medical information in their possession.

The scope includes our product, infrastructure, and organizational aspects related to health data, verifies that we have the necessary security controls in place to ensure confidentiality, integrity, and availability of sensitive information assets.

 

FDA 21 CFR Part 11

Part 11 applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted under any records requirements set forth in FDA regulations. The scope includes our regulated modules of the product to maintain its validation, audit trail, record retention, and record copying requirements.

 

 

HIPPA

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

External Audit & Compliance approval

To ensure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well-being.

The scope includes our organizational process structure, capabilities, product, and infrastructure and verifies that we have the necessary security controls in place to ensure the confidentiality, integrity, and availability of sensitive information assets, while protecting the privacy of people who seek care and healing.

Your Data

RxE2 established a robust program to keep your data private our processes and procedures are documented and being reviewed periodically by the team and by 3rd parties making sure we keep them up to date with the company growth and industry best practices.

How we handle the Data

RxE2 developed and implemented a comprehensive quality assurance program making sure our team is trained properly and the systems support the “need to know” approach. Across the organization and through our 3rd party suppliers. We keep everyone trained and updated on essential privacy and security practices and also with each of our suppliers we have a comprehensive confidentiality agreement including contract security appendix signed where relevant. Suppliers that are part of the data handling process will go through additional control measurements and their scope of work will be clearly defined and  integrated to our quality & security systems.

Business Data Privacy

As data transition between RxE2, suppliers and customers we keep our processes well defined and follow them with all security related measures to make sure your data is kept safe and private in accordance with all required regulations.

Reliability

RxE2 focus on the ability to prevent, and quickly recover from failures to meet business and customer demand. Key areas we handle include elements as system setup, recovery planning from a malfunction and from a full disaster, and how these need to be addressed by the team and by management. We maintain high levels of availability with multiple geographically diverse data centers and a robust Disaster Recovery and Business Continuity programs. Physical access to our data centers is strictly controlled with comprehensive security measures by our data center hosting partners.

Performance

The performance efforts RxE2 invests in focus on our company’s IT infrastructure and our solution technology architecture including the related computing resources making sure our users will have the best product experience. Topics that are part of this scope include management of the resource types and capacity based on current and expected solution workload, monitoring infrastructure performance, and having the right controls to take the most optimal decision when required.

Business Continuity
Our solution was designed on high availability-based architecture, in order to be resilient also in cases of a major issue to solution health. This architecture aims to protect our solution from a failure event, yet still allows a high level of disaster recovery capabilities to enable business continuity.
Based on this architecture, RxE2 passed ISO audits to be certificated upon, that address also the need for a robust business continuity plan and Disaster recovery plan.