Your trust is
important to us

Health Insurance Portability and Accountability Act (HIPAA)

We meet all requirements established in HIPAA and our processes, services, data storage and transmission practices comply with all applicable legislation.

SOC 2 Type II

SOC 2 Type II audits are conducted annually to evaluate our platform’s security, availability and confidentiality. Our most recent report is available to our providers upon request.

ISO 27001

Our data storage services provider meets ISO 27001 guidelines and is audited annually against SOC 1/SSAE 18 and SOC 2/AT Section 101 and ISAE 3402 standards.

We securely store and encrypt data in local regions to maintain uninterrupted access to patient records.

Data encryption

We use end-to-end encryption so that only authorized users can access patient data. All patient records stored on PocketHealth servers are encrypted using AES-256.

Data storage

Our physical infrastructure complies with healthcare regulations and undergoes regular audits to maintain ISO 27001 certification. We store all records redundantly to ensure 24/7 availability.

PocketHealth’s security framework adheres to ISO 27001/2 ISMS standards and caters to both provider needs and regulatory requirements.

Our approach to information security

• Adhere to the security and compliance requirements of our providers
• Ensure our platform runs smoothly and reliably
• Maintain a robust and highly secure platform
• Operate under a shared responsibility model

Adhere to the security and compliance requirements of our providers

We prioritize the security needs and compliance mandates of our providers. Our cloud provider offers various compliance certifications for network infrastructure and data centers and we carry multiple zones to ensure provider data remains in the country of origin. We also go the extra mile by adhering to additional cloud-based compliance programs.

Ensure our platform runs smoothly and reliably

Maintaining reliable and smooth security operations is integral to PocketHealth. We use a combination of internal and external audits and test our platform regularly through automated and manual processes. We also take a holistic approach to managing security alerts and events to ensure the efficacy of our controls by leveraging modern cloud services automation and robust policies and procedures.

We strive to uphold the highest standards across people and processes, which is accomplished through strict role-based access controls and ongoing employee training. Role-based access controls guarantee that only authorized personnel can access sensitive data. To foster a culture of security awareness, we conduct regular training sessions to increase employees’ understanding of information security threats, security best practices and secure software design principles.

Maintain a robust and highly secure platform

We ensure a robust and compliant platform by applying security protocols at every stage of the PocketHealth life cycle. Our development cycle involves rigorous automated and manual security assessment with an experienced and dedicated team.

We continuously train employees and conduct periodic code reviews to further strengthen our security practices. Our cloud infrastructure spans multiple availability zones and provides a reliable and secure environment for our services. We also leverage advanced security features and implement additional layers of controls within our virtual environment.

Operate under a shared responsibility model

PocketHealth and our cloud provider are responsible for maintaining a secure platform and ensuring it meets all security and reliability standards. As a provider, you share the responsibility of using PocketHealth legally and in accordance with all applicable regulations.

To learn more about our security measures and practices, talk to a member of our team.