HIPAA Compliance

Fully compliant with the Health Insurance Portability and Accountability Act (HIPAA). We implement comprehensive administrative, physical, and technical safeguards.

• Business Associate Agreements (BAAs) available
• Regular HIPAA risk assessments
• Employee training and certification
• Breach notification procedures

SOC 2 Type II

SOC 2 Type II certified for security, availability, processing integrity, confidentiality, and privacy controls.

• Annual third-party audits
• Continuous monitoring and testing
• Comprehensive control framework
• Reports available to enterprise customers

HITRUST CSF

HITRUST Common Security Framework certified, providing comprehensive information protection for healthcare.

• Rigorous security assessment
• Continuous monitoring program
• Industry-specific controls
• Annual recertification

• Encryption: AES-256 encryption for data at rest and in transit
• Access Controls: Multi-factor authentication and role-based access
• Network Security: Firewalls, intrusion detection, and VPN access
• Monitoring: 24/7 security monitoring and incident response
• Backups: Automated, encrypted backups with disaster recovery

• ISO 27001 Information Security Management
• FedRAMP Authorized (in progress)
• GDPR Compliant for international users
• State privacy law compliance (CCPA, etc.)