ClearDATA Service Descriptions

Customers may reference this Service Description at http://cleardata.com/services-descriptions. ClearDATA updates this Service Description from time to time to incorporate changes to the environment made by the public cloud provider and updates in the functionality of ClearDATA services.

ClearDATA CyberHealth™ Platform Service Description

ClearDATA CyberHealth Platform

The ClearDATA CyberHealth Platform is purpose-built software used with or without ClearDATA Managed Services. The CyberHealth Platform enables healthcare organizations to manage their security and compliance posture in the public cloud relative to standard regulatory, security, and privacy frameworks such as HIPAA, GDPR, and ISO27001. ClearDATA CyberHealth Platform is available

for Amazon Web Services (AWS), Microsoft Azure (Azure), Microsoft 365, and Google Cloud Platform (GCP). For additional details on supported cloud platforms and services, please see https://cleardata.document360.io/.

Software Description

A subscription to ClearDATA CyberHealth Platform, by itself, allows self-enrollment of a customer-owned cloud environment. There is no ClearDATA® Business Associate Agreement (BAA) with the Software-only support level, nor is a Public Cloud Provider service a Supported service concerning the ClearDATA CyberHealth Platform. An appropriate Business Associate Agreement (BAA) should be executed between the customer and the Public Cloud Provider if Protected Health Information (PHI) is present in the cloud environment.

ClearDATA will provide technical assistance for Software Support to registered users of the ClearDATA Customer Portal. The user guide for the ClearDATA CyberHealth™ Platform software is located at https://cleardata.document360.io/.

In addition to enabling native self-service access to all services provided by the Public Cloud Provider, the ClearDATA CyberHealth Platform provides:

  • Access to healthcare specific compliance reference architecture documents for selected Cloud services
  • Automated logging for compliance-related cloud events
  • Automated Safeguards for selected services
  • Compliance events notification
  • Compliance Reporting
  • Operating System Compliance
    • Access to CIS hardened Operating System Images, updated monthly
    • Access to CIS hardened images if an emergency patch is issued for a zero-day exploit

Technical Support Request

Customers may request product support by opening a support ticket on the ClearDATA customer portal (through https://cyberhealth.cleardata.com or via email to their customer success manager). ClearDATA will use commercially reasonable efforts to respond to support requests within the following time frames:

Security Level Definition Response Time
1- Urgent Production Down OR Suspected Security Event:

An incident or situation has occurred that is causing a total, critical service outage to client-facing cloud services. Client business operations cannot continue or are severely compromised. The incident affects critical path processing, and there is no workaround available. Includes suspected security events such as a software or operating system vulnerability; suspicious cloud, network or host activity; a compromised workload or service; key or credential exposure; or performance degradation or outages caused by security tools.

 30 Minutes
2 – High Production Impaired:

An incident or situation has occurred that is having a significant effect on the client’s ability to conduct primary business operations. Client business operations may be, or are at a risk of being compromised. The incident may affect critical path processing, and an effecive work-around may be available.

Includes incidents or situations such as loss of redundancy, loss of access, or heightened resource utilization.

 1 hour
3 – Medium Non-Production Down:

An incident or situation has occurred that is causing a total, critical service outage to client-facing cloud services. Client business operations cannot continue or are severely compromised. The incident affects critical path processing, and there is no workaround available.

 1 Business Day
4 – Low General Inquiry:

A service request has occurred that is having minimal or no immediate effect on client business processes.

Includes inquiries such as product feedback, billing questions, and sales-related questions.

 2 Business Days

ClearDATA Business Hours: 24x7x365.

ClearDATA CyberHealth Platform Service customers can read additional details for their service description at https://www.cleardata.com/cleardata-managed-services-regulated-environments/

ClearDATA Customer Portal

The ClearDATA CyberHealth Platform user interface, also referred to as “Customer Portal,” is accessible at https://cyberhealth.cleardata.com. The CyberHealth Platform allows access to user interfaces for administrative tasks such as user management, billing, and ticketing.