You’ve placed your trust in us. We don’t take that responsibility lightly.
Users have been trusting MPOWR with their information since 2006, and we do our best to meet and exceed the industry standard in information security to justify your trust.
Key Security Features
World-Class Data Centers
MPOWR server infrastructure is hosted on Amazon Web Services. The AWS compliance program is designed to follow international security standards and regulations, while protecting confidentiality and data privacy. Data centers provide the necessary means to operate 24 x 7 and protect data from physical damage and network issues.
When you access MPOWR Envision, SSL technology protects your information using both server authentication and data encryption in transit. We use TLS with up to 256-bit AES encryption, as supported by the client. Data at rest is protected using FIPS 140-2 standards-compliant encryption. Backups are encrypted with AES-256.
MPOWR has established a comprehensive, audit-ready information security management framework, helping us ensure you are as confident with MPOWR hosting your data as if it were stored locally within your own network. This is accomplished by assessing risks and continually improving security, confidentiality, integrity, and availability of the service. We regularly review and update security policies, carry out internal security training, perform application and network security testing, monitor compliance with security policies, and conduct internal and external risk assessments.
MPOWR leverages an industry-leading, standards-based identity management and user authentication platform that includes breached password detection and brute force attack prevention. You choose whether to authenticate with a salted and hashed username/password combination, or through Single Sign-on (SSO) with your favorite social provider account such as Google or Facebook. Either way, the only one who ever knows your password is you.
Security in Development
MPOWR develops software using agile development processes, and we apply the same approach to security. Just as this enables us to rapidly develop and update our software to meet customers’ evolving needs, it also allows us to quickly target and fix newly discovered security vulnerabilities within strictly enforced time frames.
Independent 3rd Party Evaluation
MPOWR utilizes independent vulnerability scanning and detection services to identify and prevent security bugs and vulnerabilities in our services and products, including guarding against common web application attacks (XSS, SQL injection, CSRF, etc.) where applicable. MPOWR is audited annually in order to maintain our AICPA SOC 2 certification and HIPAA compliance program.
All payment-related services are provided by Authorize.net, one of the most reliable payment processors in the industry. This is confirmed by a PCI DSS certificate of the highest level. Nobody at MPOWR can store or access sensitive payment information.
Data is stored in a failover cluster that is backed up continuously as data changes occur. Encrypted backups are retained for 30 days. No matter what happens, your data will stay safe. Backups of the database are stored separately from the main data center across multiple availability zones.
The customer is in control of their own user account. Role-based access control allows you to ensure each user can only access the information they need to do their work. Access to server infrastructure and databases by the MPOWR team is strictly regulated and is performed for support and maintenance purposes only.
No, without your request and permission no one can view your organization’s data. MPOWR restricts access to the production environment to a limited number of IP addresses and associates responsible for support and maintenance of our infrastructure environment.
Yes. MPOWR complies with the HIPAA Privacy, Security, and Breach Notification regulations that are applicable to HIPAA Business Associates and Subcontractors. MPOWR has implemented all required HIPAA Policies and Procedures, and we conduct regular internal reviews to ensure that our operational practices remain consistent with our HIPAA Policies and Procedures. If your MPOWR product is designated as in-scope for HIPAA, the MPOWR Business Associate Agreement is incorporated into and made part of the Terms of Service for your MPOWR Product.
All MPOWR products use valid encryption processes for ePHI at rest and ePHI in motion as described in the U.S. Department of Health and Human Services Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals. MPOWR’s HIPAA compliance program undergoes a regular audit and review, and you may request a copy of our most recent HIPAA Attestation Memorandum as described in more detail below.
MPOWR cannot modify the HIPAA BAA, because MPOWR SaaS products and services are consistent for all customers and so must follow the same procedures for everyone. However, MPOWR collaborated closely with expert legal counsel to develop a BAA that meets all security and privacy provisions set forth in HIPAA and the HITECH Act for HIPAA-covered entities.
We provide the same high levels of security to all customers, no matter what plan they use. Customer data is encrypted in transit and at rest to ensure that no one who isn’t supposed to can access your sensitive information.
We take our responsibility and your trust in us seriously. MPOWR’s comprehensive information security management program is independently verified by 3rd party auditors, and designed to continuously assess risks and improve the security, confidentiality, integrity, and availability of the service.
You may contact your MPOWR account representative to request a copy of MPOWR’s independently audited compliance reports. Your auditors can use these reports to compare MPOWR’s SaaS products and services results with your own legal and regulatory requirements.
Once you have used MPOWR Envision, we know you will love it so much you will never want to cancel! But if something does happen and you need to cancel your account, don’t worry. You can always export a copy of your data with the tools that are available in the software. After an account has been cancelled, MPOWR retains a copy of your data for up to 30 days, and then that data is deleted from our systems in accordance with our Data Retention Deletion policy detailed in your product’s applicable Terms of Service.