Magnus Health is evaluated annually for compliance with HIPAA security and governance standards.

Magnus Health completes an annual questionnaire to maintain compliance with PCI SAQ-A standards. Magnus Health does not store any credit card details, as this is handled via a payment processor that is PCI compliant.

Magnus Health completes a third party NIST CSF assessment annually.

To see our real-time verification status click on the seal.

Magnus Health is a signatory of the Student Privacy Pledge. By signing this pledge, we have agreed to carry out responsible stewardship and appropriate use of student personal information in accordance with the commitments set by the Student Privacy Pledge, as well as all laws applicable to school service providers.

Magnus Health has achieved provisional status within the Texas Risk and Authorization Management Program (TX-RAMP).

Magnus Health uses SSL/TLS 1.2+ across all of our applications ensuring the communication between your browser and Magnus Health is private and secure.

Security from the ground up
Our applications are designed with security in mind. Security is a high priority requirement within every phase of our product development. We apply stringent processes to ensure the security of our systems and applications throughout design, development, testing, and day-to-day operations. We use a modern Software Development Lifecycle (SDLC).

Account and password protection
Magnus Health is designed so that you, and those designated by you, are the only individuals who can access your account. Your account is always password protected and we utilize a strong password policy and non-reversible hashing for storage of the password. We also offer multi-factor authentication.

Industry-standard security and encryption
We are hosted on a modern cloud platform in multiple locations. Our cloud-based hosting affords us many built in protections. Our backups are encrypted and stored securely at our cloud provider. We employ active protections including 24/7/365 security monitoring, web application firewalls, and DDoS protection. Your data is encrypted in transit and at rest. Our infrastructure is hardened based on guidance from the Center for Internet Security (CIS) Benchmarks.

Privacy protection
Magnus Health NEVER shares or rents your data with or to anyone without your consent.

Uploaded records
Documents directly uploaded to the school’s account through Magnus Health are encrypted in transit over both public and private networks, using TLS 1.2+. For long term storage of your submitted forms, Magnus Health utilizes industry-standard encryption at rest.

Mailed records
While your documents are in transit, they are subject to the security policies of the U.S. Postal Service (or other selected carrier should you choose to expedite them). Once received, only authorized employees monitor your documents in our processing facility. Records are processed and kept on file in our secure mail storage location, only accessible by authorized personnel. Mailed forms are destroyed by a third-party, HIPAA compliant document destruction service in compliance with our Data Retention and Disposal Policy.

Faxed records
Your faxes are securely collected using modern encryption. SSL/TLS encrypts the message from end-to-end. Once a fax is received, it can only be accessed by authorized personnel to complete necessary quality control auditing. This process is completed on a secure internal network and any electronic copies of records are destroyed after six months of storage.

No software to install
Magnus Health is a modern web-based service, meaning the only requirements for using it are an Internet connection and a device that can access the Internet. You will never have to download software in order to use and access our products. This means your school is constantly working with the most current version of our software, without having to pay for upgrades, implementation is quick, easy, and without any software delays due to obtaining or installing software.

Permissions
Permissions allow Magnus Health users to dictate the level of access others have to private information, significantly reducing the risk of information falling into the wrong hands. Permission to personal information is controlled by the administrator, who grants nurses, coaches, counselors, and other faculty varying levels of visibility. Read, write, and access permissions make this possible. Permissions are customized by the administrator for each user, and can be changed at any time, ensuring health information is communicated securely and effectively.

Data Backups
Magnus Health Client data is backed up daily with weekly backups stored indefinitely. These backups are versioned and replicated across geographic regions for resiliency. Magnus Health systems employ AWS-native technology with built-in backup mechanisms. Magnus Health also maintains hot-standby database servers in separate geographic regions in the event of a primary database failure.

Disaster Recovery
Paper medical records are vulnerable to all kinds of natural disasters, theft, or permanent loss, as are non web-based software systems. If the file folder or computer containing health information can be burned, flooded, blown away, stolen, or destroyed, that information is vulnerable. Magnus Health is completely web-based, and therefore, has built-in disaster recovery. Personal information is online, stored on off-site servers, and backed up on multiple additional servers located around the country. With Magnus Health, should a disaster strike, health information is still accessible so you can resume operations quickly, without having to recollect information.