SECURITY & COMPLIANCE

Enterprise-grade security

PHI is protected by the same standards used by Fortune 500 enterprises: HIPAA, SOC 2 Type II, and ONC 2015 Edition certified; ISO 27001 compliant.

Compliance & Certifications

Enterprise-grade security

PHI is protected by the same standards used by Fortune 500 enterprises. Every plan includes a BAA at no charge.

HIPAA Compliant

Full HIPAA compliance with technical, administrative, and physical safeguards. Business Associate Agreement (BAA) included with every plan.

SOC 2 Type II

Independently audited annually. Reports available under NDA. Covers security, availability, processing integrity, confidentiality, and privacy.

ONC 2015 Edition Certified

Certified to the ONC 2015 Edition Cures Update criteria. Qualifies for MIPS and Promoting Interoperability program reporting.

ISO 27001

Information Security Management System certified to the international ISO 27001 standard with annual external audits.

FIPS 140-2 Encryption

PHI encrypted at rest with AES-256 (FIPS 140-2 validated) and in transit with TLS 1.3. Encryption keys managed in AWS KMS / HSM.

42 CFR Part 2

Substance use disorder records protected under 42 CFR Part 2 with consent management and segmentation built in.

Security Features

Built for healthcare

Layered defense across infrastructure, application, and access controls.

Multi-Factor Authentication

MFA is enforced for all users, with SMS, authenticator app, hardware token, and biometric options.

Role-Based Access Control

Granular permissions per role. Audit logs of every PHI access and modification.

Single Sign-On (SSO)

SAML 2.0 SSO for Enterprise plans. Integrates with Okta, Azure AD, Google Workspace, OneLogin.

Automatic Session Timeout

Configurable session timeouts. Force re-authentication for sensitive actions.

Data Loss Prevention

Watermarking, screenshot blocking, copy-paste restrictions, and PHI download monitoring.

Annual Penetration Testing

Independent third-party penetration tests every year. Findings remediated within 30 days.

FAQ

Frequently asked questions

Yes. eCareHealth is HIPAA compliant with technical, administrative, and physical safeguards. A BAA is included with every plan at no charge.

Data is stored in AWS US-East and US-West availability zones with automatic failover. All data stays in the US.

Yes. You can export your data at any time in CCDA, FHIR, CSV, or PDF format. Your data is yours, always.

Our incident response team activates within 1 hour of detection. Affected customers are notified per HIPAA breach notification requirements within 60 days.

See it in a 30-minute demo.

Walk through the platform with your practice in mind. Free 30-day trial, no credit card required.
