Security


eSupport Health values the trust you place in us to safeguard your data. We take our responsibility to protect information seriously and strive for complete transparency around our security practices, detailed below. Please also view the Privacy Policy that further details how we handle data.

Physical Security

Our technical infrastructure is hosted in world-class data centers at Amazon Web Services (AWS) and Google, which have achieved regulatory compliance and certification in over a dozen of the highest standards including HIPAA, ISO 27001, SOC Type 1 & 2, and HITRUST CSF. Physical security controls include 24×7 monitoring, video surveillance, and biometric entry in multi-layered facilities. For more information about the fortification of AWS by design, please visit AWS data center security. Google Data and Security information is also available.

Compliance

eSupport Health has achieved HIPAA compliance and can therefore accept or process Protected Health Information (PHI) securely in accordance with these standards. eSupport Health re-certifies this compliance annually.

eSupport Health is compliant with the Payment Card Industry’s Data Security Standards (PCI DSS 3.2) and can therefore accept or process credit card information securely in accordance with these standards. eSupport Health re-certifies this compliance annually.

Access Control

Access to eSupport Health’s technology resources is allowed only through secure channels (e.g., VPN/SSH) and requires multi-factor authentication.  Permissions are provided on a “need-to-know” and “least privilege” basis using an Identity and Access Management system (IAM), with permissions reviewed quarterly.

Security Policies

eSupport Health reviews its information security policies on an annual basis. Employees must acknowledge policies annually and undergo additional training such as HIPAA training, PCI, or other skills and development training as necessary to adhere to all applicable specifications and regulations.

Personnel

We conduct background screening at the time of hire (to the extent permitted by law and applicable countries) and communicate eSupport Health’s information security policies to all personnel, who are required to sign non-disclosure agreements and receive ongoing security training.

Encryption

eSupport Health technology solutions utilize encryption for data-in-transit and data-at-rest. We automatically attempt to send all outgoing e-mail messages and attachments using encryption, and our policy mandates that confidential information must only be sent using encrypted channels.

Development

Our development team employs secure coding techniques and best practices, focused around the OWASP Top Ten. Development, staging, and production environments are separated – with all changes requiring review and approval prior to being deployed.

Information Security Incident Management

eSupport Health maintains information security incident response policies and procedures covering the initial response, investigation (if necessary), and remediation. These policies are reviewed regularly and tested bi-annually.

Data Breach Notification

Our breach notification procedures are consistent with our obligations under applicable laws and standards. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.

Business Continuity

AWS & G Suite have guaranteed uptimes over 99.9% and 24/7 e-mail & phone support.

eSupport Health’s databases are backed up and verified regularly. Backups are encrypted and stored to preserve their confidentiality and integrity and are tested regularly to ensure availability.

Your Responsibilities

Keeping your information private and secure also requires that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also make sure that you have sufficient security on your own devices used to access our services.

Logging and Monitoring

Application and infrastructure system log information is preserved in accordance with regulatory requirements. We will provide customers with reasonable assistance in the event of a security incident.
