Security & HIPAA Compliance
Waltham Data Science LLC is committed to maintaining the highest standards of data integrity and privacy. Our NDI Cloud platform has been rigorously architected to meet the Technical Safeguards of the Health Insurance Portability and Accountability Act (HIPAA).
Our Security Pillars
1. Strict Access Control & Tenant Isolation
We enforce data isolation at both the Application and Data Access layers. Every search query and document retrieval is validated against the user's specific organizational permissions. By pre-fetching allowed dataset scopes and enforcing mandatory database filters, we ensure that users—including administrators—cannot inadvertently access data outside their authorized context.
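To illustrate the pattern described above (a pre-fetched scope AND-ed onto every query so that a client-supplied filter can only narrow, never widen, what is visible), here is an added example; it is not NDI Cloud's own code, and the user-to-scope map, the `dataset_id` field name and the sample documents are constructed assumptions.

```python
from typing import Any, Optional

# Constructed stand-in for the per-user scope lookup that would normally be
# pre-fetched from the organization/permission store. Note the admin account
# also gets an explicit, bounded scope rather than an implicit "everything".
ALLOWED_SCOPES = {
    "alice@example.org": {"ds-org1-a", "ds-org1-b"},
    "admin@example.org": {"ds-org1-a"},
}

# Constructed sample collection; doc-3 belongs to another tenant.
SAMPLE_DOCS = [
    {"_id": "doc-1", "dataset_id": "ds-org1-a", "title": "scan A"},
    {"_id": "doc-2", "dataset_id": "ds-org1-b", "title": "scan B"},
    {"_id": "doc-3", "dataset_id": "ds-other", "title": "other org"},
]


def scoped_query(user: str, user_filter: Optional[dict] = None) -> dict:
    """Build a MongoDB-style filter that always carries the tenant constraint.

    The mandatory clause is placed inside $and together with the caller's
    filter, so a client-supplied dataset_id (or $or) can only intersect with
    the allowed set, never replace it. Top-level server-side operators such as
    $where are rejected outright rather than merged.
    """
    allowed = ALLOWED_SCOPES.get(user)
    if not allowed:
        return {"dataset_id": {"$in": []}}  # unknown user: match nothing, not everything
    user_filter = dict(user_filter or {})
    for key in user_filter:
        if key in ("$where", "$expr"):
            raise ValueError(f"client filter may not use {key}")
    mandatory = {"dataset_id": {"$in": sorted(allowed)}}
    return mandatory if not user_filter else {"$and": [mandatory, user_filter]}


def matches(doc: dict, query: dict) -> bool:
    """Minimal in-memory evaluator for the operators this example emits."""
    for key, cond in query.items():
        if key == "$and" and not all(matches(doc, c) for c in cond):
            return False
        if key == "$or" and not any(matches(doc, c) for c in cond):
            return False
        if key.startswith("$"):
            continue
        if isinstance(cond, dict) and "$in" in cond:
            if doc.get(key) not in cond["$in"]:
                return False
        elif doc.get(key) != cond:
            return False
    return True


def visible_ids(user: str, user_filter: Optional[dict] = None) -> list:
    """IDs the user can see after the mandatory scope is applied."""
    query = scoped_query(user, user_filter)
    return [d["_id"] for d in SAMPLE_DOCS if matches(d, query)]
```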
2. Secure Authentication
User identity is managed through AWS Cognito, a HIPAA-eligible identity provider. This ensures industry-standard security practices, including support for Multi-Factor Authentication (MFA), strong password policies, and secure, expiration-based token management (JWT).
3. Audit Integrity
We maintain a structured audit logging system that captures user identity, timestamps, actions, and outcomes for every API interaction. Crucially, our logging architecture is designed to explicitly exclude request bodies and data payloads, preventing the accidental recording of PHI in system logs while maintaining full traceability.
4. Data Storage & Encryption
Our infrastructure relies on MongoDB hosted on AWS, leveraging the robust physical and network security of Amazon Web Services. We enforce encryption throughout the data lifecycle.
Encryption & Data Protection
Encryption at Rest
All data stored within our MongoDB databases is maintained in an encrypted state, ensuring that static data is protected against unauthorized access.
Encryption in Transit
All data transmitted to and from NDI Cloud is encrypted using TLS 1.2+ (HTTPS) with HTTP Strict Transport Security (HSTS) enforcement.
Data Minimization
Our search architecture minimizes exposure by excluding unstructured data fields from initial search results, ensuring only necessary metadata is processed during list views.
Questions About Our Security?
If you have questions about our security practices or need additional documentation for your compliance requirements, please contact us.
Released 2026-01-05