Cloud security
The documentation of this section is being actively developed.
Further information about HeartAI security may be found with the following documentation sections:
Legislative compliance
The HeartAI system must comply with the following legislative requirements:
Policy compliance
In addition to legislative requirements, the HeartAI system aligns with the following policies:
- South Australian Cyber Security Framework (SACSF)
- South Australian Information Classification System
The following policy directives are within the jurisdiction of SA Health:
- SA Health Information Classification System Policy Directive
- Digital Health SA Information Security Policy Directive
- Digital Health SA Information Security Management Framework
- Digital Health SA Information Asset Classification
- Digital Health SA Security Impact Assessment
Reference specifications
The HeartAI system security posture endeavours to align with best-practice regulations and guidelines, including:
- ISO/IEC 27000-series
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- CIS Microsoft Azure Foundations Benchmark
Management of sensitive information
HeartAI is approved to store medical information that is classified at a level of OFFICIAL: Sensitive. The privacy and confidentiality of this information are treated with rigour and taken very seriously.
The following policy document provides additional information about the HeartAI management of sensitive information:
Azure Database for PostgreSQL
The HeartAI instance of Azure Database for PostgreSQL implements the following security considerations:
- Enforced TLS: All data in-transit is encrypted with enforced TLS. The minimum TLS version required is TLS 1.2.
- Encryption at-rest: PostgreSQL servers use a FIPS 140-2 validated cryptographic module for storage encryption of data at-rest. Data, including backups, is encrypted on disk, as are the temporary files created while running queries. The cipher is AES with a 256-bit key. Storage encryption is always enforced and cannot be disabled.
- Private link: HeartAI instances of Azure Database for PostgreSQL integrate with Azure Private Link, such that network communication occurs privately over the Microsoft backbone network.
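The three configurable controls above (enforced TLS, a TLS 1.2 minimum, and Private Link with public access disabled) can be verified against the resource description that `az postgres server show` returns. The following is an added example, not HeartAI's own tooling: it parses a constructed sample of that JSON and reports each control as pass or fail. The property names `sslEnforcement`, `minimalTlsVersion`, `publicNetworkAccess` and `privateEndpointConnections` are assumed from the Azure Database for PostgreSQL single-server resource schema and are not taken from this page; encryption at rest is not checked because the page states it is always enforced.

```python
import json

# Constructed sample of the JSON returned by `az postgres server show` for a
# single-server resource. Only the properties this audit reads are included,
# and every value here is made up for illustration.
SAMPLE_SERVER_JSON = """
{
  "name": "example-pg-server",
  "sslEnforcement": "Enabled",
  "minimalTlsVersion": "TLS1_2",
  "publicNetworkAccess": "Disabled",
  "privateEndpointConnections": [
    {"properties": {"privateLinkServiceConnectionState": {"status": "Approved"}}}
  ]
}
"""

# Rank TLS settings so a weaker minimum compares lower than a stronger one.
# (Assumed value names from the single-server resource schema.)
TLS_RANK = {"TLSEnforcementDisabled": 0, "TLS1_0": 1, "TLS1_1": 2, "TLS1_2": 3}


def audit_postgres_server(server: dict) -> dict:
    """Return {control: passed} for the controls the documentation lists:
    TLS enforced, TLS 1.2 as the minimum, and Private Link with public access off."""
    ssl_enforced = server.get("sslEnforcement") == "Enabled"
    min_tls = server.get("minimalTlsVersion", "TLSEnforcementDisabled")
    # A TLS 1.2 minimum only means something if TLS is enforced at all.
    tls12_minimum = ssl_enforced and TLS_RANK.get(min_tls, 0) >= TLS_RANK["TLS1_2"]
    public_off = server.get("publicNetworkAccess") == "Disabled"
    approved_endpoints = [
        c for c in server.get("privateEndpointConnections", [])
        if c.get("properties", {})
            .get("privateLinkServiceConnectionState", {})
            .get("status") == "Approved"
    ]
    return {
        "tls_enforced": ssl_enforced,
        "tls_min_1_2": tls12_minimum,
        # Traffic stays on the Microsoft backbone only if public access is off
        # AND at least one approved private endpoint exists to reach the server.
        "private_link_only": public_off and len(approved_endpoints) > 0,
    }


def audit_json(text: str) -> dict:
    """Parse the CLI JSON output and run the audit on it."""
    return audit_postgres_server(json.loads(text))


if __name__ == "__main__":
    for control, ok in audit_json(SAMPLE_SERVER_JSON).items():
        print(f"{control}: {'PASS' if ok else 'FAIL'}")
```

In practice the output of `az postgres server show` is piped into `audit_json`; any control reporting FAIL indicates drift from the configuration described above.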
The following references provide further information: