The life sciences industry includes relevant checks and balances regarding data management. Managing your data is at the heart of what RxE2 does, and our goal is to keep your data safe and confidential.
Management Statement
RxE2 is the first company to implement community-based decentralized clinical trials. We are a pharmaceutical services organization that works with patient healthcare providers in communities, clinics, and research centers.
We deeply appreciate the responsibility of managing Personally Identifiable Information (PII) and Protected Health Information (PHI). RxE2 management, its employees, and contractors are committed to a quality information system that guarantees awareness and technology security in accordance with our strategic business objectives.
RxE2 adopted all applicable regulations and endeavors to maintain compliance at every level, putting the security of our patients, suppliers, and customers foremost. RxE2 will continue improving its systems to ensure we protect customer data.
At a glance
Security
We protect your data from its point of entry into our process through clinical trial completion. We ensure that it is encrypted in transit and at rest, and we provide additional controls to enforce organizational protection.
Compliance
We initiated a compliance program to ensure we meet your needs. We periodically conduct independent third-party audits and certifications, including ISO 27001, ISO 27799, HIPAA, and others.
Privacy
We are committed to protecting your privacy and customer data and preventing unauthorized access by utilizing industry best practices.
Data Integrity
Our products are designed for high performance and high availability. We developed these products with the best-in-class core technology of Amazon Web Services (AWS) to deliver the best solution.
Dive In
Data Centers:
In order to protect company databases and assets while assuring information availability, confidentiality, integrity, and reliability, RxE2 is based on Amazon Web Services (AWS), utilizing its industry best practices, multiple locations globally, and availability zones which allow us to accommodate the growing needs of our customers and local regulatory requirements.
Security controls at Amazon data centers are based on the highest-standard technologies and follow digital and physical industry best security practices. These measures are designed to eliminate single-point failures and to maintain computing center resiliency.
The centers hosting your data are secured by 24/7 physical security with biometric capabilities, fire prevention and controls, managed access, etc.
Encryption:
Data for most services is transmitted through secure encrypted channels to our cloud on AWS. We encrypt all data and communication through HTTPS with TLS 1.2 and AES-256 on messages and cookies.
For RxE2 employees and third-party entities, our security policies are periodically enforced by external auditors verifying compliance with our promise (i.e., International Standards Organization).
Internally, Viz.ai, the care coordination platform, establishes and manages keys for required cryptography employed within its infrastructure.
Product Security:
- Mobile app (iOS, Android)
- Local HCPs Marketplace
- Web App for clinical sites
- Internal development systems enforcing our policies
Our solution is based on industry-leading solutions:
- AWS
- Microsoft Azure
- Atlassian
Compliance & Certificates
Information Security Management 27001:2013
External Audit & Certification
Information Security Management certification specifies the requirements for establishing, implementing, maintaining, and continually improving information security management systems. It also includes requirements for the assessment and treatment of information security risks for RxE2. The scope includes our product, infrastructure, and organizational aspects and verifies that we have the necessary security controls to ensure the confidentiality, integrity, and availability of sensitive information assets.
Healthcare Information Security Management 27799:2013
External Audit & Certification
Healthcare Information Security Management certification specifies compliance with the requirement to provide tools to medical organizations and companies to protect the accessibility, completeness, and confidentiality of personal medical information in their possession.
The certification scope includes a review of our product, infrastructure, and organizational aspects of health data. It verifies that we have the necessary security controls to ensure the confidentiality, integrity, and availability of sensitive information assets.
Compliance Program
RxE2 regularly undergoes independent third-party compliance reviews and audits. RxE2 is committed to maintaining industry best practices, including International Standards Organization (ISO) and Health Insurance Portability and Accountability Act (HIPAA) recommendations.
We also have a detailed white paper presenting our compliance approach and security maps showing how RxE2’s products and processes address each requirement.
Compliance & Certificates
21 Code of Federal Regulations (CFR) Part 11
Part 11 applies to electronic records created, modified, maintained, archived, retrieved, or transmitted under any records requirements set forth in FDA regulations. Certification includes validation, audit trails, record retention, and record copying requirements for regulated product modules.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
External Audit & Compliance approval
This certification is done to ensure that individual health information is properly protected while also allowing the flow of the information necessary to provide and promote high-quality healthcare and to protect public health and well-being.
The certification scope includes a review of our organizational process structure, capabilities, product, and infrastructure and verifies that we have the necessary security controls to ensure confidentiality, integrity, and availability of sensitive information assets while simultaneously protecting the privacy of people who seek care and healing.
Your Data
RxE2 has a robust program to keep your data private. Our processes and procedures are documented and periodically reviewed by our team and by independent third parties to ensure that they reflect company growth and industry best practices.
How we handle the Data
RxE2 developed and implemented a comprehensive quality assurance program that supports the “need to know” approach across our organization and through third-party suppliers. We provide our team with proper up-to-date training on essential privacy and security practices. Where relevant, we have a comprehensive confidentiality agreement that includes signed security contracts with each supplier. Additional control measures are in place for data handling suppliers, and scopes of work are clearly defined and integrated with our quality and security systems.
Business Data Privacy
Our data transition processes are well-defined between RxE2, suppliers, and customers. We follow all security-related protocols to keep your data safe and private in accordance with all required regulations.
Reliability
RxE2’s key data reliability elements include system setup, management and team crisis response, and malfunction and disaster recovery planning. While RxE2 focuses on preventing failure, we ensure quick recovery to meet business and customer demand. We maintain multiple geographically diverse data centers and robust Disaster Recovery and Business Continuity Plans. Physical access to our data centers is strictly controlled with comprehensive security measures by our hosting partners.
Performance
To provide our users with the best product experience, RxE2 invests in Information Technology (IT) solution technology infrastructure and architecture, including the related computing resources. This scope includes management of resource type and capacity based on current and expected IT solution workload, monitoring infrastructure performance, and appropriate control measures for optimal decisions.
Business Continuity
Our solutions are designed to be resilient. This high-availability architecture prevents failure while allowing high-level disaster recovery capability to enable business continuity.
Based on this architecture, RxE2 passed ISO audits addressing the need for robust Disaster Recovery and Business Continuity Plans.