Access logs to instances containing PHI are maintained via infrastructure, application and operating system logging mechanisms. Monitoring, audit controls and system activity review is documented and complies with 45 CFR 164.308(a)(5)(ii)(C), 45 CFR 164.312(b) and 45 CFR 164.308(a)(1)(ii)(D).
Alerting and Status
Tidepool integrates multiple internal alerting mechanisms for notification of problems and issues via ChatOps, email, cell phone/SMS. For Public status information, please see:
An "on-call" rotation schedule for engineers is maintained to ensure that there is always a primary and multiple backup employee to respond to potential issues, 24x7.
Logging
Tidepool implements remote logging to a HIPAA-compliant service for all application, security, audit, and compliance logs.
Monitoring
Tidepool monitors systems proactively for the following concerns, though this is not an exhaustive list. Tidepool continuously evaluates environment and risk criteria and updates monitoring and alerting based on risk-based analysis.
Network Performance - latency, response time, errors
System Performance - CPU, memory, disk, network usage
Capacity - system resource usage, overhead, disk usage, failover and redundancy
Tidepool is a fully distributed and remote company, employing engineers in multiple Time Zones. As a result, an engineer is always available.
Based on our monitoring tools, Tidepool has maintained 100% user-facing uptime of our production environment over the last year, and over 99.9% uptime since inception.
No downtime for software/system updates
Under normal circumstances, all User application and API requests continue to be fulfilled by redundant instances and updates are rolled back via automation in case of deployment problems.
In accordance with legal, statutory, and regulatory compliance obligations, the availability, quality, and adequate capacity and resources are planned, prepared, and measured to deliver the required system performance.