Security & Compliance

Empowering healthcare delivery and ensuring security

Making sure your information stays safe is one of the pillars of Healthie. Learn more about how we keep things secure.

Your information is always secure

Healthie's platform meets the highest certification standards for data security and privacy, leveraging industry standards to secure data for you and your clients.

HIPAA-Compliant
Healthie is compliant with US Health Insurance Portability and Accountability Act (HIPAA) regulations. That includes the Privacy, Security, & Breach Notification Rules and the Administrative & Physical Safeguards.
SOC 2 Certified
Security standard relevant to the trust services criteria categories covering security, availability, processing integrity, confidentiality and privacy.
PIPEDA-Compliant
Healthie’s infrastructure protects data in compliance with the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).
PCI-Certified
Healthie’s payment processor is certified as Payment Card Industry (PCI) Service Provider Level 1, the highest possible level.
GDPR-Compliant
The General Data Protection Regulation (GDPR) is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions.

We Maintain the Highest Levels of Security and Privacy

Facilities
Physical Security
Our servers are housed in facilities that are protected by biometric security, surveillance systems, and security guards - 24 hours a day, 7 days a week, 365 days a year.
Disaster Recovery
We have a disaster recovery plan in place, including redundant power supplies and data backup.
Data Security
We store data at SOC Type 1- and SOC Type 2-certified facilities.
Activities
Transmission Security
Our website data is encrypted with 256-bit Secure Socket Layer (SSL) technology, whether you’re on a desktop, laptop, tablet, or phone. We use cryptographic keys to authenticate data transfer.
Standards
We use standard transactional codes (CPT, ICD-10) that are based on up-to-date databases and monitored for updates. We monitor state & federal HIPAA rules to ensure compliance is current.
Financial Transactions
We process credit card transactions using secure encryption on a Level 1 PCI-compliant network. We tokenize and encrypt all payment information, and we do not store it ourselves.
Compliance
Access
We offer granular organization-level permissions, to control data access. Healthie employees are trained on security protocols, and we have a company Privacy Officer.
Audits Controls
We keep access logs and audit trails every time patient information is viewed, edited, or deleted. This includes SSH logs, SQL query logs, platform backend activity logs, and Apache logs.
Testing
We are regularly audited by third party penetration testers to ensure compliance meets standards. We also run tests on our own software: we scan our ports, test for SQL injection, and block cross-site scripting.

Customers appreciate our HIPAA, SOC-2, PIPEDA, and 
PCI-compliance

We've maintain rigorous procedures, including security certifications and assessments, third-party review processes, and external accreditations, to support our healthcare organizations.

Confidently store personal health information, including sensitive test results, health conditions, and confidential health records.
Communication with your clients, including via video calls, chat, and other tools is encrypted and private.
Securely store financial data, like credit card numbers, and bank account profiles necessary for payments.
Leverage Healthie's security infrastructure as you sell to payers and health systems
"After evaluating many products and platforms, we decided to use Healthie for their superior provider-centric features, open API, and support team that was impressively responsive and very much hands on."
Avish Bhama, CEO

Launch, grow & scale your business today.