Information Security Standards

Rethink has implemented certain safeguards to meet the requirements of HIPPA Privacy and Security rules including those listed below.

Data at rest: Database level encryption using Symmetric Key AES 256 algorithm encryption, encrypting all PHI data and prevents database level attacks.
Protection of sensitive data in backup media and when interacting with raw database tables/objects.
Sensitive data not cached or persisted, preventing potential data leakage issues at the client or intermediary proxies.
Interception controls including limited physical access to data centers (to authorized personnel only), password-protection of central office machines, and off‐site backup storage.

Back-ups incremental hourly backups and daily full backups using Azure blob storage, as well as offsite backups.
Local redundant and geo redundant storage, with 3 copies of each backup created.
Application-aware snapshots (VSS)
Restore via VMware VMs

TLS 1.2 hash algorithm that provides encryption for data in motion and includes built-in controls to prevent tampering with any portion of the encrypted data.
Protection of web application data from unauthorized use and modification utilizing secure channels during transmission of data between client and server. Sensitive data is never transmitted via URL arguments. It is stored in a server-side repository or within the user’s session.
All requests to the domain are sent over HTTPS using IIS redirects.

Access / entry point controls including a firewall, antivirus software on all servers / workstations, and electronic session termination after 50 minutes of inactivity.
Any attempts to send an HTTP requests to the domain is automatically upgraded by the browser to HTTPS through the IIS redirect before the request is sent.
Controls built-in to prevent a captured stream of data from being replayed at a later time.
Transport Layer protection for all login pages and all authenticated pages.
Access to work area requires authorization.
Customizable user permissions to allow for more restricted access for specific users.

Universal Monitoring System as well as ongoing performance and application monitoring.
Secure Verisign certificates for each Rethink site and API Connections – the site is tested once per day for security gaps.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_3HH529JMSZ	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
__lc_cid	2 years	This is an essential cookie for the website live chat box to function properly.
__lc_cst	2 years	This cookie is used for the website live chat box to function properly.
__oauth_redirect_detector	past	This cookie is used to recognize the visitors using live chat at different times inorder to optimize the chat-box functionality.