Prime Health Services incorporates security by design as a core principle across our applications. Our security practices are designed to support essential standards and regulations such as NIST, HIPAA, and HITECH.  We’ve instituted multiple complementary layers of security to secure client, server, data, and transmission of all user information. 

• Encryption. We protect data in transit (TLS/SFTP) and at rest using FIPS 140‑2–aligned controls; keys are keyvault safeguarded and device encryption is enforced where applicable.

• Access controls. We implement least‑privilege RBAC, unique user IDs, 15‑minute inactivity timeouts, and account lockout after five invalid attempts. MFA is required for remote VPN access and for administrative operations; Azure AD (Entra ID) enables enterprise SSO

• Monitoring & logging. Application audit logs remain online for at least 180 days; centralized monitoring, alerting, and email/endpoint protections are in place to detect and respond to threats.

• Vulnerability management & testing. We run monthly vulnerability scans and hold monthly remediation reviews; we also conduct annual third‑party penetration tests and periodic phishing assessments.

• Physical security. Facilities use badged access, video monitoring, and restricted server‑room access; visitors sign in and are escorted
• Incident Response. We maintain a documented Incident Reporting & Management procedure covering triage, containment, eradication, recovery, and lessons learned. Severity categories drive escalation, communications, and regulatory/client notifications and IR channels are exercised as part of business continuity testing.

We understand that security is not a static discipline and proactively apply processes and technologies to protect against a wide range of attack types. Our response team continuously assesses new vulnerabilities and dynamically adjusts development and operations.