Security

CompanyMileage.com is a HIPAA compliant software dedicated to maintaining levels of security and compliance that meet or exceed the standards set by the Health Insurance Portability and Accountability Act (HIPAA).

A three-tiered system ensures that we can maintain the highest levels of security.

Data Encryption

Ensuring the utmost security, our system incorporates a multi-layered approach to protect data at every level.

• Split knowledge, dual-control passwords
• Table-level encryption
• Password rotation management
• Log file encryption
• Privileged user (root) protection
• Compliance with PCI DSS, HIPAA, HITECH, FISMA and other regulatory guidelines for encryption of data at rest
• PCI certification
• Secure offsite key management.

Secure Facilities and Equipment

Our commitment to security extends beyond software, with secure facilities and cutting-edge equipment safeguarding our systems.

• Primary servers are hosted and managed by Rackspace’s data centers with 24/7 management and monitoring
• Synchronized servers are hosted by AWS’s data centers with 24/7 management and monitoring
• Data centers are SSAE 16/ISAE 320 certified
• Backups are daily
• Secure servers running RedHat Linux are maintained and serviced daily with any security patches
• Firewalls are in place to prevent unauthorized access to the system
• 256 bit encryption SSL.

Privacy Policies

At CompanyMileage, we prioritize the sanctity of client data, implementing policies that reflect our dedication to privacy and discretion as a HIPAA compliant software.

• Client address books can be segregated by individual user, department or division
• Client names can be suppressed on physical reports generated by users
• CompanyMileage will not share client data with any third parties without written authorization from our client
• CompanyMileage data systems are securely stored and accessible only by authorized company officials.