SOC 2 Type II Certified

Enterprise-grade security for healthcare

HIPAA-aware infrastructure, end-to-end encryption, and complete audit trails. Your patient data is protected at every layer.

HIPAA-Aware Infrastructure

Built from the ground up with healthcare compliance in mind. Our infrastructure follows HIPAA technical safeguards and we provide Business Associate Agreements (BAA).

  • Encrypted data at rest and in transit
  • BAA available for all customers
  • Regular compliance audits
  • PHI handling protocols

End-to-End Encryption

All patient data and communications are encrypted using industry-standard AES-256 encryption. Your data is protected at every step.

  • AES-256 encryption standard
  • TLS 1.3 for data in transit
  • Encrypted database storage
  • Secure key management

Complete Audit Logs

Every interaction, data access, and system event is logged and auditable. Full visibility into who accessed what and when.

  • Immutable audit trails
  • Real-time activity monitoring
  • Detailed access logs
  • Exportable compliance reports

Role-Based Access Control

A granular permissions system ensures staff see only what they need to. Configure access levels for different team roles.

  • Custom role definitions
  • Principle of least privilege
  • Multi-factor authentication
  • Session management

Secure Integrations

All third-party integrations use OAuth 2.0 and modern authentication standards. Credentials are not stored.

  • OAuth 2.0 authentication
  • API key rotation
  • Webhook signature verification
  • Secure credential storage

SOC 2 Type II Certified

Our infrastructure is SOC 2 Type II certified, ensuring we meet the highest standards for security, availability, and confidentiality.

  • Annual SOC 2 audits
  • Third-party penetration testing
  • Incident response plan
  • 99.9% uptime SLA

Compliance & Certifications

HIPAA Technical Safeguards
Business Associate Agreement (BAA)
SOC 2 Type II Certified
GDPR Compliant
State Privacy Laws (CCPA, CPRA)
PCI DSS for Payment Processing

Need a BAA or Security Documentation?

We provide Business Associate Agreements (BAA) for all customers and can share security documentation, audit reports, and compliance certifications upon request.

How we protect your data

Infrastructure Security

We use AWS GovCloud infrastructure with dedicated VPCs, private subnets, and network isolation. Database backups are encrypted and stored in multiple regions for disaster recovery.

  • AWS GovCloud
  • Private VPC
  • Encrypted Backups
  • Multi-Region DR

Application Security

Regular security audits, automated vulnerability scanning, and third-party penetration testing ensure your application layer is secure. We follow OWASP Top 10 best practices.

  • Pen Testing
  • Vulnerability Scanning
  • OWASP Top 10
  • Security Audits

Operational Security

Our team follows strict security protocols including background checks, security training, and least privilege access. Incident response procedures are tested quarterly.

  • Background Checks
  • Security Training
  • Incident Response
  • 24/7 Monitoring

Questions about security?

Our team is here to answer any security or compliance questions you have.