Automation Studio

Create intelligent bots that automate communication

Reporting Studio

Quickly analyze data to get actionable business insights

Security by Design

Medchat's Security and Privacy team establishes robust policies and controls, monitors adherence to those controls, and continually proves our security and compliance to third-party auditors and security researchers.

Our foundational principles form the basis for our policies:

Security by Design

Medchat's Security and Privacy team establishes robust policies and controls, monitors adherence to those controls, and continually proves our security and compliance to third-party auditors and security researchers.

Our foundational principles form the basis for our policies:

Security by Design

Medchat's Security and Privacy team establishes robust policies and controls, monitors adherence to those controls, and continually proves our security and compliance to third-party auditors and security researchers.

Our foundational principles form the basis for our policies:

01.

Data access must be limited only to employees with a necessary business need and granted based on the principle of least privilege.

02.

Multi-layered security controls should be implemented according to the principle of Defense-in-Depth.

03.

Consistent application of security controls throughout all areas of the enterprise.

04.

Implementing security controls should be iterative, continuously advancing in effectiveness, and with a focus on increased auditability.

Security and Compliance

Medchat maintains SOC 2 Type II certification, HIPAA compliance, and a rigorous independent third-party security testing program.

Hipaa

TYPE

ii

SOC2

01.

Data access must be limited only to employees with a necessary business need and granted based on the principle of least privilege.

02.

Multi-layered security controls should be implemented according to the principle of Defense-in-Depth.

03.

Consistent application of security controls throughout all areas of the enterprise.

04.

Implementing security controls should be iterative, continuously advancing in effectiveness, and with a focus on increased auditability.

Security and Compliance

Medchat maintains SOC 2 Type II certification, HIPAA compliance, and a rigorous independent third-party security testing program.

Hipaa

TYPE

ii

SOC2

01.

Data access must be limited only to employees with a necessary business need and granted based on the principle of least privilege.

02.

Multi-layered security controls should be implemented according to the principle of Defense-in-Depth.

03.

Consistent application of security controls throughout all areas of the enterprise.

04.

Implementing security controls should be iterative, continuously advancing in effectiveness, and with a focus on increased auditability.

Security and Compliance

Medchat maintains SOC 2 Type II certification, HIPAA compliance, and a rigorous independent third-party security testing program.

Hipaa

TYPE

ii

SOC2

Trusted by the most innovative companies in healthcare

Enterprise Grade

Medchat is designed with multiple layers of protection across a distributed, reliable infrastructure.

Every design decision at Medchat begins with the safety and privacy of your data. Risk assessments, infrastructure as code, continuous integration, secure development lifecycle, automated deployments, strict access and privilege escalation controls, vigilant monitoring, regular audits, and a community of top security researchers that ensures no stone goes unturned.

Thank you

I'll check!

Security.

At our core.

Penetration Testing

We partner with independent third-party security specialists to perform comprehensive penetration testing at least twice per year to ensure the security posture of our services is uncompromised.

Data Encryption

We encrypt all data in transit and at rest using the latest recommended secure cipher suites and protocols. Encryption keys are managed via Azure's Transparent Data Encryption (TDE), which prevents direct access by any individuals, including employees of Microsoft Azure and MedChat.

Security Education

Medchat delivers robust security training to all employees from day one, reinforced annually. Our security team shares regular threat briefings with employees to inform them of critical security and safety-related updates that require special attention or action.

Identity & Access Management

Medchat uses Google SSO and 2FA via physical security keys wherever possible to secure our identity and access management. Employees are granted access to applications based on their role and the principle of least privilege.

Web Application Firewall

Medchat deploys a cloud-native WAF that provides complete visibility into our environment and comprehensive protection against the Open Web Application Security Project (OWASP) top 10 security risks.

Vendor Security

Medchat deploys a risk-based approach to third-party vendor security. We thoroughly evaluate all potential partners based on their proposed customer and company data access, integration with our production environments, and more. Once an inherent risk rating has been established, the vendor's security is evaluated to ensure they meet our rigorous partner standards.

The future is automated

The future is automated

The future is automated