Our Approach to Security & Privacy
As clinicians, we understand the importance of safeguarding patient data, and we have gone to extra lengths to secure our platform. Below are just some of the features that keep your data safe.
Our platform is fully HIPAA compliant, which means:
All data is encrypted at rest and in transit using the latest industry-standard technologies. Each database is encrypted using AES-192 with a unique, securely managed key. All in-transit communications are over HTTPS using an RSA 2048-bit key, with a Qualys SSL Labs grade of A+.
Backups, Redundancy and Disaster Recovery
All data is securely backed up and replicated across two independent regions every 24 hours. This ensures that even in the case of a catastrophic failure at one site, your data will be safe.
We have implemented two-factor authentication using SMS tokens for all new account setup and password reset procedures. This helps remove the risk of compromised credentials and gives you additional peace of mind.
Our platform is provisioned on dedicated resources in an isolated network that is not openly accessible to the internet. Only necessary web services are open to external use, and only through secure load balancers.
Own your data
Data collected in your practice and from your patients is owned by you, and we will never share identifiable data with any third party other than as required to perform the necessary functions of our platform. De-identified aggregate data is used to provide additional functionality within the platform for the benefit of all users.
Business Associate Agreements
Because we work with providers and their organizations and in most cases handle protected health information, HIPAA requires that we sign Business Associate Agreements to assume responsibilities and delineate risk. A Business Associate Agreement is included in our standard terms of service, and we are happy to look at custom BAAs for enterprise customers.