Cloud security


The documentation of this section is being actively developed.

HeartAI security

Further information about HeartAI security may be found with the following documentation sections:

Legislative compliance

The HeartAI system must comply with the following legislative requirements:

Policy compliance

In addition to legislative requirements, the HeartAI system aligns with the following policies:

The following policy directives are within the jurisdiction of SA Health:

Reference specifications

The HeartAI system security posture endeavours to align to best practice regulations and guidelines, including:

Management of sensitive information

HeartAI is approved to store medical information that is classified at a level of OFFICIAL: Sensitive. The privacy and confidentiality of this information are taken very seriously.

Policy: Management of sensitive information

The following policy document provides additional information about the HeartAI management of sensitive information:

Azure Database for PostgreSQL

The HeartAI instance of Azure Database for PostgreSQL implements the following security considerations:

  • Enforced TLS: All data in transit is encrypted with enforced TLS. The minimum TLS version required is TLS 1.2.
  • Encryption at rest: PostgreSQL servers use a FIPS 140-2 validated cryptographic module for storage encryption of data at rest. All data on disk is encrypted, including backups and the temporary files created while running queries. The cipher uses AES with 256-bit key strength. Storage encryption is always enforced.
  • Private link: HeartAI instances of Azure Database for PostgreSQL integrate with Azure Private Link, such that network communication occurs privately over the Microsoft backbone network.
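
One way to check a server's settings against the controls listed above is shown below. This is an added example, not HeartAI's own tooling. It assumes the Single Server property names returned by `az postgres server show` (`sslEnforcement`, `minimalTlsVersion`, `publicNetworkAccess`, `privateEndpointConnections`), since the page does not state the deployment option, and it also treats enabled public network access as a finding, which is a stricter reading than the page states. The server records are constructed sample data.

```python
import json

# Constructed sample input, shaped like `az postgres server show` output
# (Single Server property names; an assumption, see the lead-in).
SAMPLE_SERVERS = json.loads("""
[
  {"name": "pg-hardened-example",
   "sslEnforcement": "Enabled",
   "minimalTlsVersion": "TLS1_2",
   "publicNetworkAccess": "Disabled",
   "privateEndpointConnections": [
     {"properties": {"privateLinkServiceConnectionState": {"status": "Approved"}}}
   ]},
  {"name": "pg-weak-example",
   "sslEnforcement": "Enabled",
   "minimalTlsVersion": "TLSEnforcementDisabled",
   "publicNetworkAccess": "Enabled",
   "privateEndpointConnections": []}
]
""")

ACCEPTED_MIN_TLS = {"TLS1_2"}  # page requirement: minimum TLS 1.2


def audit_server(server: dict) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if server.get("sslEnforcement") != "Enabled":
        findings.append("TLS is not enforced for client connections")
    if server.get("minimalTlsVersion") not in ACCEPTED_MIN_TLS:
        findings.append("minimum TLS version is below TLS 1.2 or not enforced")
    approved = [
        c for c in server.get("privateEndpointConnections") or []
        if c.get("properties", {})
            .get("privateLinkServiceConnectionState", {})
            .get("status") == "Approved"
    ]
    if not approved:
        findings.append("no approved Private Link endpoint connection")
    if server.get("publicNetworkAccess") != "Disabled":
        findings.append("public network access is still enabled")
    # Storage encryption at rest is always enforced by the service,
    # so there is no setting to audit for it.
    return findings


def audit_all(servers: list[dict]) -> dict[str, list[str]]:
    """Map each server name to its list of findings."""
    return {s["name"]: audit_server(s) for s in servers}
```

A server record with missing properties fails every check, so an incomplete export is reported rather than silently passed.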