Your data’s security means everything to you. Us too.

We don’t consider security as just another feature. It’s the foundation of everything we do.

And for good reason: we built Medchat for the complex security needs of healthcare. We understand how important the responsibility of safeguarding this data is to our customers.

See why some of the top healthcare companies in the world trust us with their data.

Read our Security Whitepaper

How We Protect You

Medchat is designed with multiple layers of protection across a distributed, reliable infrastructure. You can chat with patients knowing that Protected Health Information (PHI) is secure.

We encrypt all data, both in transit between our apps and servers, and at rest using the latest recommended secure cipher suites and protocols.

Universal employee background checks, recorded logs of every touchpoint, and role-based permissions on restricted areas are just a few of the ways we keep you safe. Meanwhile, tools like custom password policies, SSO, and two-step verification help protect your account from unwanted access.

Industry Best Practices

Risk assessment, infrastructure as code, continuous integration, secure development lifecycle, automated deployments, strict access and privilege escalation controls, vigilant monitoring, regular audits, incident response, penetration testing, staff training, and so much more.


How We Protect Patient Privacy

It's our highest priority to protect patient data from unauthorized access. Robust policies and controls safeguard the collection, use, and disclosure of PHI.

We place strict controls over our own access to production data within Medchat. Only select senior staff have security clearance to access the systems that store and process Customer Data, and only when absolutely necessary. Technical controls ensure that any access to Customer Data is logged.

Internal & External Application Security Testing

Our engineering team regularly performs automated and manual application security testing. Their mission? To identify and patch potential security vulnerabilities and bugs in our application.

We also work with third-party security specialists via a sophisticated bounty program. This means the Medchat application consistently undergoes rigorous testing by some of the top security experts in the world.

HIPAA and HITECH Compliance

As a healthcare technology company, we operate in accordance with all applicable privacy and data protection laws, including HIPAA and HITECH. Medchat signs a Business Associate Agreement (BAA) with every customer and a custom BAA and Master Service Agreement (MSA) with enterprise clients.

We adhere to regulatory and legislative compliance requirements, enforcing our commitment to the highest standards.

Data centers where PHI is stored hold HIPAA/HITECH, HITRUST, ISO 27001, ISO 27017, SOC 1, SOC 2, and SOC 3 compliance.