Data Security & Privacy

As clinicians, we understand the importance of safeguarding patient data, and we have gone to extra lengths to secure our platform. Below are just some of the features that keep your data safe.

HIPAA Compliance

Our platform is fully HIPAA compliant, which means:

  • We meet or exceed the technical requirements of HIPAA in the way our platform is architected and operates
  • We have a host of internal policies, procedures & training to ensure secure management of data
  • We sign Business Associate Agreements with customers & vendors to ensure accountability

Best-in-class Encryption

All data is encrypted at rest and in transit using the latest industry-standard technologies. Each database is encrypted using AES-192 with a unique, securely managed key. All in-transit communications are over HTTPS using an RSA 2048-bit key, with a Qualys SSL Labs grade of A+.

Backups, Redundancy and Disaster Recovery

All data is securely backed up and replicated across two independent regions every 24 hours. This ensures that even in the case of a catastrophic failure at one site, your data will be safe.

Two-factor Authentication

We have implemented two-factor authentication using SMS tokens for all new account setup and password reset procedures. This helps remove the risk of compromised credentials and gives you additional peace of mind.

Network Isolation

Our platform is provisioned on dedicated resources on an isolated network that is not openly accessible to the internet. Only necessary web services are open to external use through secure load balancers.

Own your data

Data collected in your practice and from your patients is owned by you, and we will never share identifiable data with any third party other than as required to perform the necessary functions of our platform. De-identified aggregate data is used to provide additional functionality within the platform for the benefit of all users.

Business Associate Agreements

Because we work with providers and their organizations and in most cases handle protected health information, HIPAA requires that we sign Business Associate Agreements to assume responsibilities and delineate risk. A business associate agreement is included in our standard terms of service, and we are happy to look at custom BAAs for enterprise customers.
