Security & Compliance
Protecting the Patients Behind the Data
At the Core of Everything We Do
At HealthMark Group, we’re committed to securing and protecting critical information for millions of patients. We comply with applicable federal and state laws pertaining to the privacy and confidentiality of protected health information (PHI) and maintain multiple safeguards to prevent unauthorized access and disclosures.
All of our services and processes comply with the Health Insurance Portability and Accountability Act (HIPAA). Additionally, HealthMark Group is SOC 2 certified. This certification verifies that appropriate controls around the management and safe-guarding of personal data are in place.


By the Numbers
%
Accuracy Rate Driven By Human & Machine Learning Quality Assurance
Annual Patient Information Journey Impacted
How We Keep Data Safe
Secure Infrastructure
Security starts in the design of our system. Our software has been built to protect all data flowing between health systems and our infrastructure. Virtual Private Networks are established with client systems, all data is secured and encrypted at rest and in-transit, and our application and data structure is hosted on Amazon Web Services, a highly scalable cloud computing platform with end-to-end security and privacy features.
On-Pace Compliance
When it comes to compliance, standards are always changing—so we are too. Our in-house legal team monitors proposed and final regulatory rulings, including HIPAA and 21st Century Cures Act. We ensure our technology and process are up-to-date, and coordinate with our Client Success team to keep our clients informed and educated.
Third-Party Security Audits
To ensure that our solutions are ready for anything, we invest in annual third-party security audits, which include penetration testing across HealthMark Group’s entire system and code base.
On-Call Security Team
Our dedicated security team continuously monitors all systems for security patches—and deploys them immediately. The security team also provides personnel training sessions and holds regular committee meetings to review and assess risks, compliance, escalation strategies, and stress-test simulations.