Halo Connect Trust CentreHandling patient data requires strict security and privacy practices, especially when transporting that data through the cloud.
Our security principles
- Just a courier - we don’t store data
- Secure by design - built with security front of mind
- Industry standards compliant - we strive to conform with security best practices
No stored data
As a principle, Halo Connect does not store data. We are just a courier.
Encryption during transit
Halo Connect uses industry leading transport layer security (TLS 1.3) to encrypt all data during transit.
Halo Connect builds on top of the screening and authorisation processes of Practice Management System vendors you already know and trust, adding an extra layer of security for your data.
Secure standards and policies
Industry best practices such as principle of least privilege, two-factor authentication, role-based access control and ZeroTrust are used for all internal systems.
No data inspection
Halo Connect does not inspect queries or response data. We just pass it on to where it needs to go.
No data access
Halo Connect runs queries on Practice Management System databases on behalf of integrators, not as ourselves. We are not authorised to access Medical Practice Data beyond what we need to identify the practice.
Halo Connect uses metadata in order to enable billing, analytics, and diagnostics. As a principle, we limit what metadata we collect and store to the minimum we need to operate.
Halo Connect uses tier-one cloud technology provider Microsoft Azure for its infrastructure.
All data stays in Australia, as Halo Connect's cloud APIs are hosted on Australian-based Azure Datacenters.
Access and identification
Every server and machine that connects to Halo Connect systems is uniquely identified, to allow Halo Connect to control access and monitor activity.
Third-party security audits
Penetration testing and architecture reviews are regularly carried out by third-party security experts, to ensure Halo Connect conforms with industry security standards.
ACSC guidelines compliance
Halo Connect strives to conform to Australian security standards as set forth by the Australian Cyber Security Centre (ACSC) and other relevant entities.
Halo Connect strives to implement the recommendations set forth by the Open Web Application Security Project (OWASP) regarding application security.