When it comes to data, we leave no stone unturned in ensuring its security. Red Road is HIPAA and GDPR compliant. We are also SOC2 Type 1 Certified and in the process of getting the SOC2 Type 2 Certification.

Based on the above Data Security requirements, the following are some of the best practice controls that Red Road adheres to:

Data security
  • Employees access Protected Health Information (PHI) via encrypted connection. High-security firewalls restrict the movement of information.
  • Encryption of stored data and data in transit, with laptops and desktops encrypted as well as emails containing PHI/PII. Endpoints protected with anti-virus technology.
  • Restricted access to Internet, limited to job function. A separate network available on separate computers for Internet access unrelated to job function.
  • Restricted access to emails. No emails are allowed to go out to any domain unless it is the customer domain or a whitelisted domain.
  • Protection against viruses and malware.
  • Each managed network perimeter monitored for unauthorized access. Incident Response procedures in place to monitor for significant security events.
  • Segregation of the production floor to create a separate “Protected Zone” called the “PHI/PII Zone” with additional physical and technical controls including no smartphones or recording devices allowed in the Zone.
  • A Security Guard deployed outside the entry gate of the PHI Zone.
  • Secured area with badge access. Each employee given an access card with defined and controlled access limited to their job function.
  • Access to the PHI Zone is controlled/restricted through access cards given to each employee.
  • Video recording of each employee in the PHI/PII Zone as well as recording of each employee’s desktop.
  • The entire facility monitored in real time by a security guard 24/7/365. Should incidents occur (e.g. tail-gating through a badged access point), the security guard sends video proof to the compliance officer for appropriate action. Recordings are stored at a different location for future reference.
  • Complex passwords are mandated for each user's login ID. Regular password changes are also enforced.
  • No employees with access to PHI/PII allowed to work from home unless the client directs this to be done.
  • Regular security awareness and job-specific HIPAA privacy and security training programs given to employees.
  • A dedicated on-site HIPAA compliance officer.
  • All employees trained in HIPAA compliance, privacy and security upon hire.
  • HIPAA compliance, privacy and security posters are found throughout all locations.
  • A sanction policy in place at all locations for any HIPAA-related violations or violations of the Company policies.
  • Background checks completed for all new employees.
  • New employees are given access privileges depending on the work that they are assigned to.
  • All new employees receive privacy and confidentiality training and sign a confidentiality agreement.
  • Regular audits of HIPAA compliance solutions programs are carried out, and corrective plans are formulated to address any violation of compliance that is observed.

Please reach out to us at, if you need to understand more about our data security protocols.