Security

Jasper Health is committed to keeping your data safe. Our platform is designed to ensure secure storage and processing of all information we interact with. Whether it’s personal health information (PHI), personally identifiable information (PII) or anything beyond, we’ve established extensive security and compliance policies and procedures to ensure that our client’s and user’s data remain protected. Security and compliance certificates include:

HIPAA Jasper Health is HIPAA compliant and executes BAAs with customers and vendors as appropriate.

SOC 2 Type 1 & II Jasper Health is SOC 2 Type I and Type II certified to meet AICPA’s Trust Service Principles. Potential and existing customers may request a copy of our SOC 2 report under a NDA.

Layers of Defense

Jasper Health’s infrastructure is protected by numerous layers of defense, known in the information security industry as a “defense-in-depth” strategy. Our security architecture and approach includes but is not limited to the following:

At-rest data encryption using AES-256
Automated region failover
Auto-scaling capabilities
Daily data snapshots
Disaster and Recovery processes and procedures
In-transit data encryption of SSL + TLS 1.2 or higher
Intrusion detection and prevention systems
Multi-factor authentication (MFA)
Distributed Denial-of-Service (DDoS) mitigation
Internal and external penetration testing
Security patch management
Secure software development lifecycle processes
Security Information Event Management (SIEM) with anomaly and threat detection
Vulnerability scanning
Web Application Firewalls
Additional security control information available on request

Security Culture

Every employee at Jasper Health, from office operations to our CEO, is dedicated to security and protecting our customer data in all that we do. We have a formal security program in place.

We view security not just as a core component of our technology, but also as a cornerstone of our company culture. All employees receive security training both as a new hire and regularly thereafter. Communication channels for any security issues or questions are always open for our employees and customers. We send out ongoing reminders to our staff about security issues, and in addition, regularly test our preparedness with phishing drills and other security exercises.

Suspected Security Issues

If you suspect a security issue or anyone in your organization’s Jasper Health credentials may have been compromised, please contact Jasper Health support at [email protected].

If you are a security researcher who has potentially discovered a security weakness or vulnerability in Jasper Health’s systems, please send an email to [email protected] with information and we will provide information on secure responsible disclosure. At this time we do not offer monetary rewards for vulnerability disclosure.

Data Protection & Privacy

We ground our privacy commitments in strong data governance practices, so our customers can trust that we’ll protect the privacy and confidentiality of their data. Privacy is protected across Jasper Health with built-in security designed to automatically stop threats before they reach our customers.

Notice of HIPAA Privacy Practices

Our privacy practices are intended to comply with the Health Insurance Portability and Accountability Act (“HIPAA”). We will maintain the privacy of your Health Information as required by HIPAA and the regulations set forth under that Act. We encourage you to carefully review our Privacy Policy.

“I’m glad that I joined Jasper. It’s been nice to know that I have a go-to place when I need reliable and easy-to-understand information about cancer, finding support, and my health.”

— Cindy, Breast Cancer Survivor