Halo Connect Trust Centre

Handling patient data requires strict security and privacy practices, especially when transporting that data through the cloud.
 
Halo Connect is dedicated to doing just that.

Our security principles

  • Just a courier - we don’t retain data
  • Secure by design - built with security front of mind
  • Industry standards compliant - we strive to conform with security best practices
halo_graphic

  Security

No stored data

As a principle, Halo Connect does not retain data. We are just a courier.

Encryption during transit

Halo Connect uses industry leading transport layer security (TLS 1.3) to encrypt all data during transit.

Layered authorisation

Halo Connect builds on top of the screening and authorisation processes of Practice Management System vendors you already know and trust, adding an extra layer of security for your data.

Secure standards and policies

Industry best practices such as principle of least privilege, two-factor authentication, role-based access control and ZeroTrust are used for all internal systems.

  Privacy

No data inspection

Halo Connect does not inspect queries or response data. We just pass it on to where it needs to go.

No data access

Halo Connect runs queries on Practice Management System databases on behalf of integrators, not as ourselves. We are not authorised to access Medical Practice Data beyond what we need to identify the practice.

Minimal metadata

Halo Connect uses metadata in order to enable billing, analytics, and diagnostics. As a principle, we limit what metadata we collect and store to the minimum we need to operate.

  Data management

Microsoft Infrastructure

Halo Connect uses tier-one cloud technology provider Microsoft Azure for its infrastructure.

Australian Servers

All data stays in Australia, as Halo Connect's cloud APIs are hosted on Australian-based Azure Datacenters.

Access and identification

Every server and machine that connects to Halo Connect systems is uniquely identified, to allow Halo Connect to control access and monitor activity.

  Compliance

Third-party security audits

Penetration testing and architecture reviews are regularly carried out by third-party security experts, to ensure Halo Connect conforms with industry security standards.

ACSC guidelines compliance

Halo Connect strives to conform to Australian security standards as set forth by the Australian Cyber Security Centre (ACSC) and other relevant entities.

OWASP compliance

Halo Connect strives to implement the recommendations set forth by the Open Web Application Security Project (OWASP) regarding application security.

gold-smb1001-2023-level-3

For more information...

To learn more about Halo Connect’s security practices, how our Shared Responsibility Model works, or how to report a potential vulnerability, please see the Halo Connect docs ->
 
To learn more about how Halo Connect collects, uses, and discloses information, see our Privacy Policy ->