MissionTracker Security & Compliance - HIPAA Compliant Homeless Shelter Software

Our Commitment To Maintaining A Secure Homeless Shelter Software Solution

Hi there... If you’ve made it to this page - there's a good chance you are the CFO, CTO, CIO or CSO of an organization looking for a new solution for your homeless shelter, life transformation ministry, veterans shelter or other human services agency you oversee.

Or, perhaps you're an IT administrator or outside technology firm exploring cloud-based database solutions for your client serving those who are homeless or needing additional support services.

Regardless, you've probably been asked to "dig deep" in terms of learning about our security. Well, welcome… we're happy to have you here.

As a leader in non-profit homeless shelter and human service agency software - we're accustomed to answering a lot of security-focused questions regarding our cloud-based approach and remotely hosted databases.

So let's spend a hot minute and talk about how MissionTracker is postured from a security and compliance perspective.

2021 Facts On Cyber Security: 

  • On average, only 5% of companies’ folders are properly protected;
  • 78% of employees lack confidence in their organization’s cybersecurity posture;
  • Nearly 80% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks despite increased IT security investments made in 2020;
  • Cybercrime To Cost The World $10.5 Trillion Annually By 2025;
  • Every minute, $2,900,000 is lost to cybercrime and top companies pay $25 per minute due to cyber security breaches;
  • The average cost of a data breach is $3.86 million as of 2020;

Source: https://www.forbes.com/sites/chuckbrooks/2021/03/02/alarming-cybersecurity-stats-------what-you-need-to-know-for-2021/?sh=4710458c58d3

MissionTracker’s Culture - Providing Secure Homeless Shelter And Outcomes Software:

The entire team at MissionTracker has adopted a comprehensive culture of security - and not just around our coding (DevOps) practices but around everything we do. Noting the risks above, providing enterprise grade software and database solutions requires a comprehensive understanding of the risks involved, the attack vectors that can be used, as well as industry best practices to mitigate as much risk as possible.

Our Promise To Customers - A Secure HMIS Software To Get Your Work Done:

It is a core goal of MissionTracker to deliver a product and service that is constantly reviewed and improved with respect to security. Most of our clients are nimble non-profits, having to invest in software to streamline many processes within their organization - and on a budget. Having to lose sleep and worry about security concerns and data breaches is something we want all clients to avoid, if possible, and we have developed a strong moat of protection over the last 5 years thanks to intense product development and layering in new internal process controls and improvements.

A Multi-Layered Approach to Data & Operation Security:

With the ever increasing threat of data theft and other cyber security related incidents, it’s important that our team at MissionTracker maintains a 360 degree view of all possible attack vectors. Below is a summary of how MissionTracker has hardened our product and our operations as a whole:

Data Center 

We have partnered with a top-tier hosting partner located in Lansing, Michigan to ensure MissionTracker can deliver your organization results confidently. Monitoring includes biometric scanning protocols, continuous surveillance, and 24 X 7 production environment management.

For our MissionTracker Pro line of products - a separate HIPAA Business Associate Agreement (BAA) is on file with our data center so that you can deliver services to your organization confidently on a platform you can trust. We have multi-site data redundancy, hosting within AWS facilities. Monitoring includes biometric scanning protocols, continuous surveillance, and 24 X 7 production environment management.

Data Security & Encryption

MissionTracker was developed as a web application long before the “cloud” was called the cloud - with security top of mind from the start.

Our internal security policies and audits include monitoring of all traffic on approved ports, quarterly third-party penetration and SQL injection tests, weekly security checks of newly written code, and AI-assisted monitoring of our entire code base - which can proactively alert the DevOps team to any potential threats.

With our HIPAA compliant offerings, data encryption at rest is enabled at the database layer, so the data remains encrypted even if the underlying files are accessed or copied without authorization.

Operations Management

We have implemented policies and procedures designed to ensure that all client data is secure and backed up to multiple physical locations. 

To maintain HIPAA compliance, the DevOps team is continually evaluating new security threats and implementing updated countermeasures designed to prevent unauthorized access to, or unplanned downtime of, the Subscription Service.

Uptime monitoring is provided by SolarWinds Pingdom as well as embedded Google Analytics.

Insurance For Peace of Mind:

Please check back for more information.


MissionTracker - A HIPAA Compliant Contender For Homeless Shelters And Human Service Providers:

With ResidentTracker Pro, MissionTracker clients will gain numerous new benefits, tools and features - with many related to hardened security, auditing, and database protection. 

Below is a summary of all ResidentTracker Pro features pertaining to HIPAA and data security:

HIPAA Compliant Hosting

As a part of our ResidentTracker Pro subscription - clients can benefit from state-of-the-art security with our new HIPAA compliant hosting option. MissionTracker was completely rebuilt using the latest versions of PHP and MariaDB 10.3 to ensure that our development stack was using the most current (stable) versions available.

A chief security officer was appointed at MissionTracker to facilitate a culture of security with the entire DevOps team. MariaDB was fine-tuned to include data encryption (at rest) and encryption on the wire is provided by dedicated SSL certificates. Enhanced certificates are made available to MissionTracker clients subscribing to ResidentTracker Pro.

Penetration tests are performed each quarter on this new server and results are discussed by the DevOps team, led by the security officer. Additionally, strict firewall rules were implemented to restrict access to the machine to authorized sources only.

MissionTracker DevOps engineers are mandated to use a state-of-the-art SD-WAN (VPN) before connecting to any hardware - allowing MissionTracker to completely close down any and all ports that may expose the machine to potential threats and attack vectors.

Additionally - every MissionTracker team member that has the potential to access critical, sensitive client information (including information marked as PHI) undergoes training and certification for HIPAA compliance each year in October.

Daily archival backups are made of each client database - thus meeting the minimum 7-year retention requirement for HIPAA compliance.

HIPAA Audit Log

Another new feature made available in ResidentTracker Pro will be the HIPAA Audit Log. System administrators will see a new module within System Admin that will allow them to run reports on activity in ResidentTracker. These reports can be filtered by date range (and time) as well as by staff member - and will display a comprehensive keystroke activity log for the given search criteria. If you're wondering who deleted a document, changed a client's profile, added a certain case note, or have questions along these lines - the new HIPAA Audit Log will provide you what you need.

Advanced Backups

ResidentTracker - Standard Edition includes a Terms of Service guarantee to maintain nightly backups of client data. With ResidentTracker Pro - the backup service is greatly enhanced to include nightly backups that are persistently stored over time - for a total of seven years. This meets the standard required for HIPAA compliance and offers clients great flexibility, as MissionTracker engineers have the ability to go back in time to view any database backup. This not only covers the data entered into the MissionTracker database, but includes uploaded photos and documents as well.

Backups of all databases are securely encrypted using GPG encryption and securely transferred to a MissionTracker owned Network Attached Storage (NAS) device that is also included in our network scans and vulnerability tests.

HIPAA Compliant Security Features - Mandatory Password Resets

MissionTracker's System Admin module will now include a new series of TrackerSettings to help organizations better manage HIPAA compliance.

The first setting is related to mandatory password resets. HIPAA compliance requires passwords to be reset at set intervals. This feature includes a master ON/OFF switch so clients can decide whether they want passwords to expire automatically. If set to "ON" - a separate tracker setting allows clients to set their desired interval - by choosing a value of 30, 60, 90, 120, or 180 days. If this feature is enabled, all users of MissionTracker whose passwords have expired will be prompted to reset their password before continuing to use any other tools.

A separate report module is included for system administrators to easily see accounts that have had recent password changes as well as accounts whose passwords will expire in the future.
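As an added example (not MissionTracker's own code), a PHP sketch of the login-time expiry check and the administrator report described above; the setting names, account fields and sample accounts are assumptions.

```php
<?php
// Added example, not MissionTracker's code: password-expiry gate and admin report modelled on
// the TrackerSettings described on the page. Setting/field names and sample data are assumed.
declare(strict_types=1);

const ALLOWED_INTERVALS = [30, 60, 90, 120, 180];   // the intervals the page lists

/** Login gate: true when the user must reset their password before using any other tool. */
function passwordExpired(array $settings, array $account, DateTimeImmutable $now): bool
{
    if (empty($settings['password_reset_enabled'])) {   // master ON/OFF switch
        return false;
    }
    $days = (int) $settings['password_reset_days'];
    if (!in_array($days, ALLOWED_INTERVALS, true)) {      // reject an interval outside the allowed set
        throw new InvalidArgumentException('interval must be one of ' . implode(', ', ALLOWED_INTERVALS));
    }
    $changed = new DateTimeImmutable($account['password_changed_at']);
    return $changed->modify("+{$days} days") <= $now;
}

/** Admin report: accounts changed within $window days, expiring within $window days, or already expired. */
function passwordReport(array $settings, array $accounts, DateTimeImmutable $now, int $window = 14): array
{
    $days = (int) $settings['password_reset_days'];
    $report = ['recently_changed' => [], 'expiring_soon' => [], 'expired' => []];
    foreach ($accounts as $a) {
        $changed = new DateTimeImmutable($a['password_changed_at']);
        $expires = $changed->modify("+{$days} days");
        if ($changed >= $now->modify("-{$window} days")) {
            $report['recently_changed'][] = $a['username'];
        }
        if ($expires <= $now) {
            $report['expired'][] = $a['username'];
        } elseif ($expires <= $now->modify("+{$window} days")) {
            $report['expiring_soon'][] = $a['username'];
        }
    }
    return $report;
}

// Constructed sample data: a 90-day policy evaluated on 2021-06-01.
$settings = ['password_reset_enabled' => true, 'password_reset_days' => 90];
$now = new DateTimeImmutable('2021-06-01');
$accounts = [
    ['username' => 'alice', 'password_changed_at' => '2021-05-25'],   // changed 7 days ago
    ['username' => 'bob',   'password_changed_at' => '2021-03-10'],   // reaches 90 days on 2021-06-08
    ['username' => 'carol', 'password_changed_at' => '2021-01-15'],   // passed 90 days on 2021-04-15
];
print_r(passwordReport($settings, $accounts, $now));
```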

HIPAA Compliant Security Features - Simple Two Factor Authentication (2FA)


The second setting is related to two factor authentication (2FA). The System Admin module will be updated to collect two unique answers for each user - from a bank of standard questions. MissionTracker's Log In and Authentication System is updated to look for a cookie that is set confirming each user passed their 2FA questions. The cookie will last for 90 days - and once expired - require the user to answer the questions again upon logging in. This feature will also include a master ON/OFF toggle in System Admin - allowing system administrators to enable or disable this feature for users. An override feature is available as well - per individual profile - for system administrators to make policy changes for single users that may deviate from standard procedures.

A common question is why we aren't using phones or email for 2FA. The challenge is around accessibility to these devices. An overwhelming majority of MissionTracker clients suggested not all of their staff members will have access to email accounts or cell phones - and implementing such a rigid security policy would wreak havoc on their operations. Using the security questions approach, we're able to provide a less rigid enhancement to user security while honoring HIPAA related suggestions and requirements. We will be exploring enhanced 2FA methods in the future.
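The question-based challenge and 90-day cookie described above, as an added PHP example that is not MissionTracker's own code: answers are stored as password hashes, and the cookie is HMAC-signed and bound to the user so it cannot be forged, extended or presented for another account. The server key, function names and sample answers are assumptions.

```php
<?php
// Added example, not MissionTracker's code: security-question challenge plus a signed "2FA passed" cookie.
declare(strict_types=1);
const TFA_COOKIE_DAYS = 90;   // lifetime stated on the page

/** Normalise an answer so "Main Street" and " main street " compare equal (ASCII case fold). */
function normaliseAnswer(string $answer): string
{
    return strtolower(trim((string) preg_replace('/\s+/', ' ', $answer)));
}

/** Both stored answers must match; a wrong answer to either question fails the challenge. */
function answersValid(array $storedHashes, array $given): bool
{
    if (count($storedHashes) !== 2 || count($given) !== 2) {
        return false;
    }
    $ok = true;
    foreach ($storedHashes as $i => $hash) {   // verify both, so a wrong first answer is not exposed by an early exit
        $ok = password_verify(normaliseAnswer((string) ($given[$i] ?? '')), $hash) && $ok;
    }
    return $ok;
}

/** Cookie value = userId.expiry.HMAC, so it cannot be forged, extended, or reused for another user. */
function issueTfaCookie(int $userId, string $serverKey, int $now): string
{
    $payload = $userId . '.' . ($now + TFA_COOKIE_DAYS * 86400);
    return $payload . '.' . hash_hmac('sha256', $payload, $serverKey);
}

/** True only if the signature verifies, the cookie belongs to this user, and the 90 days have not passed. */
function tfaCookieValid(?string $cookie, int $userId, string $serverKey, int $now): bool
{
    if ($cookie === null || substr_count($cookie, '.') !== 2) {
        return false;
    }
    [$uid, $expires, $mac] = explode('.', $cookie);
    $expected = hash_hmac('sha256', $uid . '.' . $expires, $serverKey);
    return hash_equals($expected, $mac) && (int) $uid === $userId && (int) $expires > $now;
}
// Constructed sample: enrol two answers (stored as password hashes), pass the challenge, issue the cookie.
$key    = 'replace-with-a-long-random-server-secret';   // placeholder, never hard-code a real key
$stored = [password_hash(normaliseAnswer('Main Street'), PASSWORD_DEFAULT),
           password_hash(normaliseAnswer('Rex'), PASSWORD_DEFAULT)];
$now    = strtotime('2021-06-01');
$cookie = answersValid($stored, [' main street ', 'rex']) ? issueTfaCookie(42, $key, $now) : null;
var_dump(tfaCookieValid($cookie, 42, $key, $now + 10 * 86400));   // same user, 10 days later
var_dump(tfaCookieValid($cookie, 42, $key, $now + 91 * 86400));   // same user, after the 90-day window
var_dump(tfaCookieValid($cookie, 7, $key, $now));                 // cookie presented for a different user
```

In the web application the value would be sent with setcookie() using the Secure, HttpOnly and SameSite options and an expiry matching the signed one, and the admin override described above would simply skip the cookie check for that profile.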

MissionTracker - HIPAA Compliant Software For Homeless Agencies 

Understanding and implementing HIPAA’s rigorous compliance steps can be a daunting task. ResidentTracker Pro offers HIPAA Compliance and was built to meet and exceed both HIPAA Compliance standards and HITRUST standards.

HIPAA Compliance Press Release

MissionTracker is pleased to announce that it has achieved compliance with the federally mandated standards of the Health Insurance Portability and Accountability Act (HIPAA) through the use of Compliancy Group's proprietary HIPAA methodology, The Guard® compliance tracking software, and HIPAA Seal of Compliance®.

HIPAA is made up of a set of regulatory standards governing the security, privacy, and integrity of sensitive health care data, called protected health information (PHI). PHI is any demographic health care-related information that can be used to identify a patient. If vendors who service health care clients come into contact with PHI in any way, those vendors must be HIPAA compliant.

MissionTracker has completed Compliancy Group's Six Stage Implementation Program, adhering to the necessary regulatory standards outlined in the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, HIPAA Omnibus Rule, and HITECH. These standards have been heavily vetted against the letter of the law and meet federal NIST requirements. MissionTracker's good faith effort toward HIPAA compliance through the use of The Guard has been verified by the HIPAA subject matter experts and Compliance Coaches at Compliancy Group.

The HIPAA Seal of Compliance is issued to organizations that have implemented an effective HIPAA compliance program through the use of The Guard, Compliancy Group's proprietary compliance tracking solution.

MissionTracker has completed the Compliancy Group Implementation Program under the guidance of Compliancy Group's team of expert Compliance Coaches®. The important intersection between HIPAA compliance and data security is often lost on IT providers working in the health care space. Clients are becoming more aware of the requirements of HIPAA compliance - and forward-thinking providers like MissionTracker choose the HIPAA Seal of Compliance to differentiate their services.

About Compliancy Group:

Compliancy Group simplifies HIPAA compliance so that health care professionals can confidently run their practice. The Guard™ is our simple, cost-effective, web-based solution. Users are guided by our team of expert Compliance Coaches™ to Achieve, Illustrate, and Maintain™ total HIPAA compliance. Visit https://www.compliancy-group.com