Security & compliance.
Enterprise-grade infrastructure from Day 1, built for health system requirements.
Security built into everything we do.
Technology
Enterprise-grade security infrastructure with automated monitoring, defense-in-depth architecture, and best-in-class tooling.
Culture
Every team member is trained and accountable for security. Hiring prioritizes security awareness, and data protection is a shared responsibility across the organization.
Continuous improvement
Regular reassessment of security posture, challenging assumptions, and pushing beyond compliance to achieve true resilience.
Audited and certified.
The highest standards of security and compliance, validated by independent auditors.
HIPAA/HITECH
Fully compliant as a Business Associate. BAAs executed with all customers and strict protocols maintained for handling protected health information.
SOC 2 Type II
Independently audited for security, availability, and confidentiality controls. SOC 2 report available upon request.
ISO 27001
Certified information security management system, demonstrating commitment to systematic security practices.
Policy library.
Detailed documentation of our data protection and compliance practices.
Data Protection
Encryption
Data Residency
All customer data stored in AWS data centers in us-east-1 (N. Virginia) and us-west-2 (Oregon). Data does not leave the United States unless explicitly requested.
Data Isolation
Customer data is physically isolated at the database and object store layer with tenant-specific access controls. No customer can access another customer's data.