Locus has designed its systems and security architecture with the protection of its clients’ information as the first priority
Patients and/or caregivers utilize Apple iPads to record clinical information, including PHI, that is then transmitted to Locus systems resident in the Amazon Web Services (AWS) cloud. Clinical dashboards are then distributed to health systems and used by care teams to monitor key measurements, view photos and videos, and read patient notes.
Locus’ platform architecture takes advantage of state of the art security features in AWS and the mobile device security features provided by Apple and JAMF mobile device management software. We connect to both AWS and our clients using secure virtual private network (VPN) tunnels. In addition, Locus is audited for SOC 2 compliance every two years and conducts an annual security assessment, and set of penetration tests, to ensure our security measures are continually updated.
Amazon Web Services
Locus maintains a Business Associate Agreement (BAA) with AWS and follows AWS guidelines for a HIPAA appropriate architecture, including AES 256 bit encryption for data at rest and in transit. AWS is certified to be compliant with EU-US Privacy Shield, ISO 27001, and SOC 1, 2 and 3.
Apple and JAMF Security Features
Locus solutions offer a managed distribution of our iOS application over a secure enterprise mobile device management system. Through MDM, Locus can automatically set up and deploy managed devices and apps, remote lock and wipe devices upon discharge, and enforce security policies.
Certifications and Audits
Locus undergoes a SOC 2 audit on a bi-annual basis, conducts yearly penetration tests, does an annual risk assessment, and is pursuing HITRUST certification.