Compliance and security the best DPCs already trust
Security
Encrypted at Rest
Patient data is encrypted at rest with AES-256 across our core data stores — primary database, file storage, and block storage.
Encrypted in Transit
Connections between your browser and our servers are encrypted with TLS, with TLS 1.3 supported, so data is protected on the wire.
Least-Privilege Access
Patient data is partitioned by practice, and direct production access is limited to a small, authorized group.
Compliance documents
Request any of our current security and compliance documents — we'll follow up by email.
Security Overview
A current-state summary of our security posture, infrastructure, and HIPAA program.
HIPAA Safeguards Mapping
How our program maps to the HIPAA Security Rule administrative, technical, and physical safeguards.
Subprocessor List & Vendor Management
The vendors in our core PHI-processing and support stack, their BAA status, and how we manage them.
Data Handling, Retention & Privacy
What PHI we process, where it lives, and our current retention, deletion, and recovery posture.
Security Questionnaire Responses
Question-by-question diligence responses based on our current operating environment.