Security is of the utmost importance to the Society for Improving Medical Professional Learning. We have taken the following steps to ensure that all data submitted to the SIMPL Collaborative is held and transferred securely.

Compliance

SIMPL uses AWS Security Hub to quickly assess high-priority security alerts and conduct automated compliance checks.

AWS Security Hub consolidates findings across AWS services and partner integrations to alert the SIMPL team to potential security threats. This service automates our security compliance checks and continuously runs them against our environment.

Data & Encryption

SIMPL, legally known as the Procedural Learning and Safety Collaborative (PLSC), owns all data, which are hosted on AWS’s RDS (Relational Database Service). Both data at rest and data in transit are encrypted.

In Transit: Data in transit is protected with SSL over the HTTPS protocol for all communications between SIMPL clients (iOS, Android, and Web) and the server.

At Rest: All databases for the SIMPL application are managed with Amazon RDS (Relational Database Service), and all data is encrypted.

Access Management

Access to Servers: Access to resources within the SIMPL technology stack is closely managed and restricted. The SIMPL servers are hosted within a Virtual Private Cloud (VPC) that isolates the SIMPL hosting environment from other unrelated services. All connectivity to servers is proxied via a secured bastion host, and traffic within the VPC is similarly limited to expected communication patterns.

User Access: The SIMPL iOS and Android apps are only accessible to users who have been invited to register by their institutional program administrator. After registering and creating their own username and password, they must use these credentials to authenticate before being able to use the app to complete an evaluation. Institutional program administrators are added directly to the SIMPL system by the SIMPL support team.

Patient Identifying Information: SIMPL only collects a limited data set of protected health information (PHI), and does not gather any patient personal identifying information (PII).

Firewall

SIMPL uses AWS WAF (Web Application Firewall) to protect our application from common web exploits that could affect application availability, compromise security, or consume excessive resources.

Processes

Security Audit – Automated security inspections are performed every 2 weeks. Alerts and warnings found in these inspections are scheduled for maintenance by SIMPL’s DevOps team at the earliest convenience.

Security Breach – Although unlikely, in the event of a security breach it will be immediately reported in writing to the SIMPL Steering Committee, any affected users, and any associated member programs’ Information Security Office.

Contact us for more information: support@simpl.org.