Security Statement

Data Breaches Cost The United States More Than One Trillion Dollars.

Data Breaches

Surely you’ve read about the highly publicized data breaches at many major retailers, Sony Pictures, Ashley Madison, MySpace, LinkedIn, the U.S. Government (22 million employee files), and various health insurance companies. Here’s a “not-so-fun-fact”: a stolen credit card data file is worth about $25 on the black market, where such files are sold and traded in places like Russia.

The hackers who broke into Target’s system (the huge national retailer) stole 40 million credit cards and illegally sold those for as much as $25 per card. Health data is a whole other story. A health data file, like those recently stolen from Anthem, is worth closer to ten times as much. So which do you think the most dangerous hackers are targeting: credit card data or health record files? They are targeting health record files for larger illegal payoffs.

Here’s another consideration: In the event of a data breach, YOU as the owner of the data must report the breach to your clients and the government, and the fines for unintentional HIPAA data breaches can run $100 to $50,000 per breach, per record, so fines may run into the millions of dollars. Customer goodwill is another immeasurable cost. Saving a few thousand dollars now cannot possibly justify the risk of a wholesale HIPAA data breach.

Kipu Was Built To Be Secure

Kipu was built first for security and compliance from the ground up. Here’s how and why: Some EMRs are so old that they pre-date the Internet, HIPAA, security and compliance requirements as we now know them. They had to backtrack and adapt to the latest rules and security threats, not to mention true cloud computing. Kipu is built in the cloud in agile development and coded in modern programming languages that are much faster, more secure, and cloud friendly, engineered to be easily used on your mobile device or tablet.

Single Instance Topology

This illustration is a rough visual representation of what the Kipu cloud network might look like. A single instance, or client facility implementation, might be better (and roughly) represented by this (virtual) server topology.

Here’s what Kipu is doing to safeguard your data.

Kipu installs separate virtual servers for each client. We are not a multi-tenant or multi-account system (like a bank where all accounts reside in one system). Rather, there is no single place where all Kipu records reside. Our system uses more than 6,791 servers (and counting), all encrypted.

The illustration above depicts the Kipu Cloud Network, which is replicated in different data centers all over the United States (in the EU for EU clients). This represents the nature of Kipu’s Cloud Network as it relates to multiple clients.

In the illustration above you see a representative visual depiction of a Single Client Instance with its unique virtual servers where each client is allocated up to 24 virtual servers, separate from all other clients.

Segregated Servers For Unmatched Security.

With Kipu, each client is segregated from every other client and their data, so while Kipu has hundreds of clients, each has their own servers. In fact, each averages six separate encrypted virtual servers for redundancy and safety. It’s virtually impossible for a data thief to even find Kipu’s 6,791 servers, much less hack into each one individually. Every client’s data is securely encrypted thus reducing the data domain and attack — unlike our competitors who run multi-account, multi-tenant and barely encrypted systems.

This Kipu cloud network running 6,791 servers costs Kipu millions of dollars to host and run — we think it’s worth it, but our competitors do not.

Redundant Safety For Your Data.

Also important to note: This network topology not only safeguards data, it is also redundant, and because each client has their own servers, there cannot be a mass outage of service to all users (absent a natural disaster, act of war, or mass outage of connectivity, for example).

Many of our competitors do not want to spend millions of dollars on separate servers for each client for additional security. They use a multi-account system where all of their clients’ data resides in a single database on one or several servers. There may be tens or hundreds of thousands of HIPAA-protected records on one of their servers. In their multi-account system, there is one server or several, where all client data is housed neatly in one place for a data thief to target. Because they do not allocate separate redundant and secure servers to each client, they mix all their clients’ data on a single server or a small group of servers. That is the kind of system architecture data pirates look for!

Eliminating Threats Before They Happen.

Kipu contracts the industry’s best professional data hackers, who consistently conduct penetration tests on Kipu, and we’re monitoring all traffic for new threats that go above and beyond the industry standard. Our multi-factor authentication, which works with text messages or hardware tokens, adds layers of security other technologies just don’t have.

The Bottom Line

In summary, Kipu has implemented extraordinary measures to ensure the safety of your HIPAA protected files.

  • Built for the cloud; no VPN or other applications required
  • Data encryption and HIPAA certified by MBHC
  • Separate virtual servers for each client; 6,971 in all
  • Servers on a private network, not just exposed for hackers to see
  • NOT multi-tenant or multi-user
  • Regular data intrusion testing
  • Two-Factor authentication
  • Available YubiKey hardware USB key for extra security
    (optional at extra cost)