We understand the sensitive nature of your data.

 

You trust us with your sensitive data and Protected Health Information (PHI) and we’re 100% committed to protecting that data on the eVero platform and mobile applications. We adhere to best-in-class practices that put data security first, and our experienced team is armed with world-class tools and continually works to detect, assess, prioritize, and mitigate security risks across our infrastructure.

We regularly validate all security controls, refine internal and external processes, and perform stress tests and risk assessments to guarantee that all systems and databases are secure and compliant today and into the future. So you can be confident that your data is always protected and never compromised.

Standards that put data security first.

Platform and mobile apps – Averaging over 99.9% availability, our web and mobile platforms maintain the industry standards of data privacy — which are regularly audited and tested to ensure the highest level of security. Multi-factor Authentication (MFA) and complex password requirements provide extra layers of security to platform logins.

Infrastructure – Our servers are redundantly hosted at multiple geographically dispersed SSAE18 Type II, PCI, NIST, Safe Harbor-compliant data centers, each featuring blended ISP network connectivity, N+1 redundant power, on-site diesel generators, and an efficient hot/cold aisle cooling system design. All locations are staffed and monitored 24/7/365 by expert IT professionals and are 100% HIPAA Security compliant.

System Workflows – Designed to ensure that all data collected and stored consistently follows enterprise-grade, HIPAA-compliant, SSL security, and encryption guidelines and is automatically monitored for threats.  We also follow recommended best practices for adherence to the HITECH Act and SHIELD Act.  

Our Security Protocols

Access Controls – Since not all users need the same level of access, role-based access controls are available on all applications and software modules.

Business Continuity & Disaster RecoveryBuilt-in redundancies for power, hardware, and load balancers, allow our platform to tolerate multiple failures and remain online with minimal impact to users, even during back-end maintenance work.

Data Backup – All data is continuously replicated to multiple geographically diverse data centers located throughout the United States so you always have access to your data.

Network Security – Built-in role-based security, firewalls, filtering, and network restriction via VPCs defend against a wide range of cyber threats, ensuring the confidentiality and integrity of sensitive data transmitted over the network.

Data Encryption – Whether at rest or in transit, all data is encrypted in compliance with industry best practice algorithms and cipher strengths. This means only authorized parties can access your data.

Performance Monitoring – We conduct regular server and application performance tests and proactively monitor all security events and alerts in real-time.

Threat Identification – Continuous monitoring of network activity, patterns, and behavior, combined with AI/machine learning, proactively detects unauthorized and unusual activities. 

Scalability – Our technical infrastructure is nimble and elastic to allow us to scale up and across on-demand based on our client needs.

Vulnerability & Penetration Testing – Regular testing conducted by third-party vendors ensures applications and data security. This is a part of our comprehensive cybersecurity strategy to keep your data safe.

 

Protected Health Information

eVero prioritizes the protection of all PHI (Protected Health Information), which includes:

  • Names
  • Addresses
  • Phone Numbers
  • Care-Specific Dates
  • Any other demographic information that can be used to identify an Individual.

Complete PHI data protection requires a team effort between eVero and our clients.  When support is requested via e-mail, we require that it be done directly, without copying other parties. When responding to the e-mail, our team will verify the sender’s identity using their unique eVero ID number. eVero may exclude cc: copied persons from all e-mail replies.  eVero shall not be responsible if a sender includes PHI in an email request.

We care about safeguarding your protected health information.

We’re dedicated to keeping your data safe, as well as satisfying the full extent of federal regulation within our solutions. To demonstrate our commitment to maintaining steadfast compliance with ever-changing HIPAA requirements and regulatory guidelines, eVero has achieved HIPAA Seal of Compliance Verification™ from Compliancy Group.