Data Protection & Security.

All stored PHI is encrypted with AES-256. Sensitive environments are segregated with independent keys, access controls, and monitoring.

All data in motion uses TLS 1.2 or higher. Mutual TLS is used for system-to-system integrations with health plan partners.

Encryption keys are stored in Hardware Security Modules (HSMs) and accessed only by authorized personnel under multi-factor authentication.

Files containing PHI use FIPS 140-2 validated algorithms. Role-based permissions are audited, and secure deletion protocols prevent forensic recovery.

All storage hardware uses self-encrypting drive technology. Decommissioned media is wiped to NIST 800-88 standards or physically destroyed.

Continuous monitoring with 24/7 security operations. All PHI access is logged and reviewed for anomalies.