Security & Compliance

Protecting the Patients Behind the Data

At the Core of Everything We Do

At HealthMark Group, we’re committed to securing and protecting critical information for millions of patients. We comply with applicable federal and state laws pertaining to the privacy and confidentiality of protected health information (PHI) and maintain multiple safeguards to prevent unauthorized access and disclosures.

All of our services and processes comply with the Health Insurance Portability and Accountability Act (HIPAA). Additionally, HealthMark Group is SOC 2 certified. This certification verifies that appropriate controls around the management and safe-guarding of personal data are in place.

By the Numbers


Accuracy Rate Driven By Human & Machine Learning Quality Assurance

Annual Patient Information Journey Impacted

How We Keep Data Safe

Secure Infrastructure

Security starts in the design of our system. Our software has been built to protect all data flowing between health systems and our infrastructure. Virtual Private Networks are established with client systems, all data is secured and encrypted at rest and in-transit, and our application and data structure is hosted on Amazon Web Services, a highly scalable cloud computing platform with end-to-end security and privacy features.

On-Pace Compliance

When it comes to compliance, standards are always changing—so we are too. Our in-house legal team monitors proposed and final regulatory rulings, including HIPAA and 21st Century Cures Act. We ensure our technology and process are up-to-date, and coordinate with our Client Success team to keep our clients informed and educated.

Third-Party Security Audits

To ensure that our solutions are ready for anything, we invest in annual third-party security audits, which include penetration testing across HealthMark Group’s entire system and code base.

On-Call Security Team

Our dedicated security team continuously monitors all systems for security patches—and deploys them immediately. The security team also provides personnel training sessions and holds regular committee meetings to review and assess risks, compliance, escalation strategies, and stress-test simulations.