Security Policies

Our Core Security Principles

Security Team

Our security team monitors security notifications for all 3rd party software libraries we use and applies any relevant security patches as soon as they are released. Our engineers work together with the product teams to ensure that all of Luminello’s code and infrastructure follow a secure development lifecycle process.

Infrastructure

All of Luminello’s application and data infrastructure is hosted on Amazon Web Services (AWS), a highly scalable cloud computing platform with end-to-end security and privacy features built-in.

Designed with redundancy, fault tolerance, and disaster recovery at the forefront, our services are distributed across separate data centers. All our infrastructure is within our virtual private cloud (VPC) with production access restricted to operations support staff only. This allows us to leverage complete firewall protection, private IP addresses, and other security features.

For more specific details regarding AWS security, please refer to https://aws.amazon.com/security/.

Data Center

All data is stored in HIPAA-compliant AWS infrastructure, housed in Amazon-controlled data centers. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access.

Application

We do our best to ensure that the products we deliver are free from security defects. All Luminello web application communications are PCI compliant and support TLS v1.2, and cannot be viewed by a third party.

Additionally, we support a number of security-focused features to help keep your data safe:

  • Data encryption – All customer data is encrypted at rest, including user email addresses, user passwords, and API keys (including 3rd party keys stored by Apps).
  • Company-specific data is kept separate through logical separation at the data tier, based on application-level access permissions and roles.
  • Authentication – Luminello supports 2FA access via the authenticator app.

Engineering and Operational Practices

We follow these best practices:

  • Immutable infrastructure – We don’t make changes to live code or running servers in production. Where applicable, we treat both our software and our infrastructure configuration as code.
  • Incident response – We are on-call to respond to any security or availability incidents.

Natalie Gluck, M.D. Psychiatrist, New York, NY

Prior to setting up a private practice, I did a lot of research into different EHR systems. I ultimately chose Luminello because of its simple, elegant design, and because I believe it is the only EMR that was created by a psychiatrist. I have been thrilled with my choice. I now recommend Luminello to all of my colleagues.
