We don’t consider security just another feature. It’s the foundation of everything we do.
And for good reason: we built MedChat for the complex security needs of healthcare. We understand how important the responsibility of safeguarding this data is to our customers.
See why some of the top healthcare companies in the world trust us with their data.
MedChat is designed with multiple layers of protection across a distributed, reliable infrastructure. You can chat with patients knowing that Personal Health Information (PHI) is secure.
We encrypt all data, both in transit between our apps and servers and at rest, using the latest recommended secure cipher suites and protocols.
Universal employee background checks, recorded logs of every touchpoint, and role-based permissions on restricted areas are just a few of the ways we keep you safe. Meanwhile, tools like custom password policies and two-step verification help protect your account from unwanted access.
MedChat has been an absolute game changer for HealthWarehouse.com. Thanks to their HIPAA secure system, our company is finally able to deliver the kind of chat service that is expected by today's patient and consumer. We are able to redirect our Call Center Agents to a far more efficient means of addressing patient needs and concerns, which results in vastly improved patient care along with a huge increase in individual employee production. Icing on the cake is the wonderful customer/tech support delivered by the team at MedChat.
Risk assessment, infrastructure as code, continuous integration, secure development lifecycle, automated deployments, strict access and privilege escalation controls, vigilant monitoring, regular audits, incident response, penetration testing, staff training, and so much more.
It's our highest priority to protect patient data from unauthorized access. Robust policies and controls safeguard the collection, use, and disclosure of PHI.
We place strict controls over our own access to production data within MedChat. Only select senior staff have security clearance to access the systems that store and process Customer Data, and only when absolutely necessary. Technical controls ensure that any access to Customer Data is logged.
As a healthcare technology company, we operate in accordance with all applicable privacy and data protection laws, including HIPAA and HITECH. MedChat signs a Business Associate Agreement (BAA) with every customer and a custom BAA and Master Service Agreement (MSA) with enterprise clients.
We adhere to regulatory and legislative compliance requirements, enforcing our commitment to the highest standards.
Data centers where PHI is stored maintain HIPAA/HITECH, HITRUST, ISO 27001, ISO 27017, SOC 1, SOC 2, and SOC 3 compliance.
Our engineering team regularly performs automated and manual application security testing. Their mission? To identify and patch potential security vulnerabilities and bugs in our application.
We also work with third-party security specialists via a sophisticated bounty program. This means the MedChat application consistently undergoes rigorous testing by some of the top security experts in the world.