Best-in-class practices that put data security first.

 

At eVero, we are 100% committed to ensuring the protection of our platform, our mobile applications, and our customers’ data and Protected Health Information (PHI). Our experienced team is armed with world-class tools, and continually works to detect, assess, prioritize, and mitigate security risks across our infrastructure.

We regularly validate all security controls, refine internal and external processes, and perform stress tests and risk assessments to guarantee that all systems and databases are secure and compliant.

Our standards

  • Our platform and mobile apps offer high system availability while maintaining the industry standards of data privacy — which are regularly audited and tested to ensure the highest level of security.
  • Our infrastructure is redundantly hosted at multiple geographically-dispersed SSAE18 Type II compliant data centers. Each center features blended ISP network connectivity, N+1 redundant power, on-site diesel generators, and an efficient hot/cold aisle cooling system design. All locations are staffed and monitored 24/7/365 by expert IT professionals and are 100% HIPAA Security compliant.
  • Our system workflows are designed to ensure that all data collected and stored consistently follows the strictest of regulatory compliance guidelines, including recommended best practices for adherence to the HITECH Act and SHIELD Act.

Access Controls – Role-based access controls are available on all applications and software modules.

Business Continuity & Disaster Recovery – Our platforms are redundantly hosted in diverse locations and designed to tolerate multiple hardware failures with minimal customer impact.

Data Backup – All data is continuously replicated to multiple geographically-diverse data centers located throughout the United States.

Data Encryption – Whether at rest or in transit, all data – including databases and storage – is always encrypted in compliance with industry best practice algorithms and cipher strengths.

Network Security – Built-in role-based security, firewalls, filtering, and network restriction via VPCs.

Vulnerability & Penetration Testing – Regular testing conducted by third-party vendors to ensure applications and data security.

Performance Monitoring – We conduct regular server and application performance tests and proactively monitor all security events and alerts in real-time.

Scalability – Our technical infrastructure is nimble and elastic to allow us to scale up and across on-demand based on our client needs.

Protected Health Information

eVero prioritizes the protection of all PHI (Protected Health Information), which includes:

  • Names
  • Addresses
  • Phone Numbers
  • Care-Specific Dates
  • Any other demographic information that can be used to identify an Individual.

Complete PHI data protection requires a team effort between eVero and our clients.  When support is requested via e-mail, we ask that it be done directly, without copying other parties. When responding to the e-mail, our team may verify the sender’s identity using their unique eVero ID number. eVero may exclude cc: copied persons from all e-mail replies.  eVero shall not be responsible if a sender includes PHI in an email request.

We care about safeguarding your protected health information.

We’re dedicated to keeping your data safe, as well as satisfying the full extent of federal regulation within our solutions. To demonstrate our commitment to maintaining steadfast compliance with ever-changing HIPAA requirements and regulatory guidelines, eVero has achieved HIPAA Seal of Compliance Verification™ from Compliancy Group.