Security and Compliance
OOG Health is dedicated to diligently safeguarding and securing your information while guaranteeing that OOG.Health remains accessible whenever required. We employ an array of established industry practices and tools to defend your data against unauthorized entry, exposure, utilization, or destruction, and we continually oversee and enhance our offerings.
We adhere completely to the U.S. Health Insurance Portability and Accountability Act (HIPAA), encompassing the HIPAA Privacy, Security, and Breach Notification Rules. We have established rigorous protective protocols and administrative controls to maintain the confidentiality, integrity, and accessibility of Protected Health Information (PHI) and other confidential data.
Infrastructure Security and Reliability
Cloud Platform Security
OOG Health's platforms are hosted on Google Cloud Platform (GCP) and Amazon Web Services (AWS), which are top-tier providers of expandable and fortified cloud computing environments. We utilize GCP's robust framework as outlined in the Google infrastructure security design overview and Google's security overview whitepaper, as well as AWS's infrastructure security whitepaper.
Reliability
OOG Health strives to provide superior uptime for our products and services.
Data Security and Privacy
User Data
OOG Health handles and stores user information in a secure manner in line with our Privacy Policy and Terms of Service.
Protected Health Information
Entities covered under the U.S. Health Insurance Portability and Accountability Act (HIPAA) can opt to send Protected Health Information (PHI) via OOG Health. We manage the secure storage, processing, and transmission of PHI in accordance with our Business Associate Agreement. We meet the requirements of the HIPAA Security Rule, which mandates the deployment of suitable administrative, physical, and technical protections to preserve the confidentiality, integrity, and availability of electronic PHI.
Data Encryption
Information is encrypted during transmission and while stored. OOG Health applies SSL/TLS for encrypting data in motion and uses confidential encryption methods for data at rest, incorporating robust encryption and verification (TLS 1.2 with SHA256 certificate). Data resides in our databases protected by AES-256. This ensures that unauthorized individuals cannot access or interpret your data.
Code Testing and Assessments
OOG Health evaluates all code for potential security flaws prior to deployment and routinely examines our networks and systems for weaknesses.
OOG Health routinely conducts independent penetration tests.
Security Policies
OOG Health enforces security policies that undergo frequent reviews, including…
- Asset Management
- Data Protection
- Data Retention
- Information Security
- Incident Response
- Risk Assessment
- Software Development Life Cycle
- System Access Control
- Vendor Management
- Vulnerability Management
Vulnerability Disclosure
We treat all notifications of security issues with utmost seriousness and will address legitimate submissions once we confirm the issue and prepare a resolution.
Concerns about vulnerabilities or security matters pertaining to OOG Health should be reported responsibly to: security@oog.health
We encourage security experts to report vulnerabilities impacting OOG.Health, the OOG Health application, and other assets handling user data. Note that rewards for bugs are generally provided for verified vulnerabilities of medium or greater severity, at the judgment of our information security group. We consider factors like attack vectors, ease of exploitation, and potential security consequences.