We understand the sensitive nature of your data.

 

You trust us with your sensitive data and Protected Health Information (PHI) and we’re 100% committed to protecting that data on the eVero platform and mobile applications. We adhere to best-in-class practices that put data security first, and our experienced team is armed with world-class tools and continually works to detect, assess, prioritize, and mitigate security risks across our infrastructure. In early 2024 the eVero platform achieved HITRUST r2 certification, renowned as the most comprehensive, transparent, consistent, and high-quality assessment available.

We regularly validate all security controls, refine internal and external processes, and perform stress tests and risk assessments to guarantee that all systems and databases are secure and compliant today and into the future. So you can be confident that your data is always protected and never compromised.

Standards that put data security first.

Platform and mobile apps – Averaging over 99.9% availability, our web and mobile platforms are regularly audited and tested to ensure the highest level of security following the HITRUST framework. Multi-factor Authentication (MFA) and complex password requirements provide extra layers of security to platform logins.

Infrastructure – Our servers are redundantly hosted at multiple geographically dispersed SSAE18 Type II, PCI, NIST, Safe Harbor-compliant data centers, each featuring blended ISP network connectivity, N+1 redundant power, on-site diesel generators, and an efficient hot/cold aisle cooling system design. All locations are staffed and monitored 24/7/365 and are 100% HIPAA Security compliant.

System Workflows – Designed to ensure that all data collected and stored consistently follows enterprise-grade, HIPAA, SSL, and encryption guidelines and is regularly monitored for threats. We also follow recommended best practices for adherence to the HITECH Act and SHIELD Act.

Validated by HITRUST r2, the most comprehensive assessment available.

HITRUST Certification is a globally recognized verification of an organization’s compliance with key regulations and industry-defined security requirements. HITRUST unifies rules from various regulatory and industry frameworks, including HIPAA, providing confidence that data and confidential information are secure. The certification process involves partnering with an authorized External Assessor to pass a comprehensive security evaluation.

The Risk-Based 2-Year (r2) Validated Certification that eVero’s software platform achieved is the most comprehensive and rigorous assessment available. It verifies that eVero’s platform, processes, policies and procedures demonstrate regulatory compliance per standards such as HIPAA, ISO, NIST, SOC 2, CMMC, PCI-DSS, as well as industry-specific data protection regulations.

eVero’s r2 assessment process took over a year and included a review of 271 of our policies and procedures, meeting 236 requirements, and submitting 235 samples and 334 specific pieces of evidence to the independent auditor.

 

We care about safeguarding your protected health information.

We’re dedicated to keeping your data safe, and satisfying the full extent of data security standards and federal regulations with our software. To demonstrate our commitment to maintaining steadfast compliance with ever-changing HIPAA requirements and regulatory guidelines, the eVero platform has achieved HITRUST r2 Validated Assessment Certification, as verified by independent auditor A-LIGN, and the HIPAA Seal of Compliance Verification™ from Compliancy Group.

 

 

Our Security Protocols

Access Controls – Since not all users need the same level of access, role-based access controls are available on all applications and software modules.

Business Continuity & Disaster Recovery – Built-in redundancies for power, hardware, and load balancers allow our platform to tolerate multiple failures and remain online with minimal impact to users, even during back-end maintenance work.

Data Backup – All data is continuously replicated to multiple geographically diverse data centers located throughout the United States so you always have access to your data.

Network Security – Built-in role-based security, firewalls, filtering, and network restriction via VPCs defend against a wide range of cyber threats, ensuring the confidentiality and integrity of sensitive data transmitted over the network.

Data Encryption – Whether at rest or in transit, all data is encrypted in compliance with industry best practice algorithms and cipher strengths. This means only authorized parties can access your data.

Performance Monitoring – We conduct regular server and application performance tests and proactively monitor all security events and alerts in real-time.

Threat Identification – Continuous monitoring of network activity, patterns, and behavior, combined with AI/machine learning, proactively detects unauthorized and unusual activities. 

Scalability – Our technical infrastructure is nimble and elastic to allow us to scale up and across on demand based on our clients’ needs.

Vulnerability & Penetration Testing – Regular testing conducted by third-party vendors ensures application and data security. This is a part of our comprehensive cybersecurity strategy to keep your data safe.