Blue Nine Security

Data integration with intense focus on security is integral to our business.
We take it seriously.

On-site Security Measures

  1. Healthcare facility security enforced through several layers of physical security required to gain access to Blue Nine assets and or application.
  2. Quarterly password changes are mandatory and require unique and complex combinations of alphanumeric characters
  3. The practice of updating passwords regularly is present throughout all layers of security
  4. Device security
    1. Password protected BIOS
    2. Secure Boot protocol enabled2
    3. TPM Bitlocker hard drive encryption
    4. Encrypted local SQL database
    5. PHI is removed at the close of each case
    6. If a device is identified as wayward, it can be access-restricted and/or wiped of all data


Cloud Security

  • Servers are housed in facility that has human monitoring 24/7/365
  • Multi-level security required to access the servers – Password protected BIOS
    • Badge
    • PIN
    • Biometric scanning
  • Digital video surveillance on-side 24/7/365
  • 5 sided lockable cabinets and cages.


Blue Nine’s technology infrastructure is architected under the highest level of security specifications for managing and archiving patient records and personal health information.

Blue Nine is fully compliant with the HIPAA Standards for Privacy, Electronic Transactions and Security (including the HITECH Act and the Omnibus Rule of 2013). We have implemented policies, processes, and procedures designed to ensure compliance with all federal and state information security laws, regulations, and rules, and to monitor ongoing compliance efforts and maintain various reporting mechanisms that are required by law or requested by its customers.

As a key business partner to our customers Blue Nine has an ongoing commitment to providing our programs and services in full compliance with the requirements of all state and federal laws and regulations.

Technical Infrastructure

  • SOC 2 type II compliant private virtual cloud
  • Geographically redundant DR capabilities (tested bi-annually) spread over 9 locations in the US Regular system wide penetration testing and vulnerability scans
  • Digital video surveillance on-side 24/7/365
  • SLA-backed uptime guarantees for 24/7/365 uptime
  • 24/7/365 connection availability
  • Inherently scalable infrastructure
  • Limited Public access (2 hosts)
    • HTTPS Public IP access on host 1
      • Public access limited to Continental U.S. IP addresses
      • Public facing site security is augmented with an application firewall that scans all requests and processes them based on defined security filters
      • SSL Labs “A” rated PKI cert protecting site sessions
    • IP and user account authenticated verification on host 2
      • VPN server that only allows TLS 1.2 certificate-based connections
      • Automated rekeying of session keys and enforced account lockout policies
      • Domain level authentication with profile based, ACL managed, access to internal assets
    • B2B network access servers for data transfer is endpoint to endpoint IP, port specific and firewall enforced using both IPSEC and SFTP methods
      • IPSEC tunnels
      • Automated rekeying of session keys and enforced account lockout policies
        • established with healthcare facility NOC
        • Interfaces to the facility EHRs run within each phase II connection
    • SFTP connections
      • Allowed to be jailed through TLS 1.2 connections
      • Zero shell access
      • Bound to a specific IP address
      • Enforced by firewall
    • Comprehensive KPI used to monitor services, system, and network metrics throughout the network infrastructure
      • IPSEC tunnels
      • Monitors in place:
        – WMI/SNMP protocols for monitoring bandwidth
        – Network interfaces
        – CPU
        – Memory utilization
        – Network Latency
        – Service availability
      • Alarms triggered based on various thresholds
      • Historical perspective and review allowed through time-series graphs assist in troubleshooting and providing benchmarks for the system
    • Domain level Security
      • Dual home servers partition public and private traffic over FQDN (Fully Qualified Domain Name) and internally addressed RFC 1918 hosts
      • SQL traffic is encrypted natively at the host level
      • Machine to machine traffic is encrypted via SMB on file transfer.