Information Security & Privacy

Security & privacy standards
that keep your data safe

Security and privacy standards

We are determined to deliver products and services that are secure and keep the data of our customers and their patients private.

GDPR

Privacy of data is important, even more so for medical records. We ensure our platform is in full compliance with the General Data Protection Regulation (GDPR) – one of the strictest privacy laws in the world.

GDPR

Privacy of data is important, even more so for medical records. We ensure our platform is in full compliance with the General Data Protection Regulation (GDPR) – widely considered to be the most stringent global privacy standard.

 

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) requires protection and confidential handling of protected health information (PHI). Sign our Business Associate Agreement to process PHI within PMcardio in full compliance with HIPAA.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) requires protection and confidential handling of protected health information (PHI). Sign our Business Associate Agreement to process PHI within PMcardio in full compliance with HIPAA.

ISO 27001

Our Information Security Management System is certified to ISO 27001, a global standard for managing information security to protect data integrity, confidentiality, and availability.

ISO 27001

Our Information Security Management System is certified to ISO 27001, a global standard for managing information security to protect data integrity, confidentiality, and availability.

SOC 2 Type II

SOC 2 Type II is an audit that evaluates a company’s information security measures over time, ensuring they securely manage data to protect the interests of the organization and the privacy of its clients.

SOC 2 Type II

Powerful Medical adheres to SOC 2 standards, guaranteeing that all data is securely handled to safeguard the interests of our customers and the privacy of their patients.

Organization and product security

Safeguarding information security and privacy.

Localized Data Residency

PMcardio customers who are on the Enterprise Plan have the option to host their data in our US or EU data centers. With ownership over your hosting region, you can ensure we meet your data security goals.
PMcardio supports Data Residency through our Amazon Web Services-operated data centers in Ireland (Europe Region) and the United States.

Localized Data Residency

PMcardio customers who are on the Enterprise Plan have the option to host their data in our US or EU data centers. With ownership over your hosting region, you can ensure we meet your data security goals.
PMcardio supports Data Residency through our Amazon Web Services-operated data centers in Ireland (Europe Region) and the United States.

Encryption

All data sent to and from Powerful Medical is encrypted. Our API and application endpoints are TLS/SSL-only to ensure secure communication with our clients and partners.

Encryption

All data sent to and from Powerful Medical is encrypted. Our API and application endpoints are TLS/SSL-only to ensure secure communication with our clients and partners.

Penetration Tests & Vulnerability Scanning

Powerful Medical uses various security tools to continuously scan for vulnerabilities. Our security team immediately responds to issues raised. Twice yearly we engage third-party security experts to perform detailed penetration tests on Powerful Medical products and infrastructure.

Penetration Tests and Vulnerability Scanning

Powerful Medical uses various security tools to continuously scan for vulnerabilities. Our security team immediately responds to issues raised. At least annually, we engage certified third-party security experts to perform detailed penetration tests on our products and infrastructure.

Incident Response

Powerful Medical implements a protocol for handling security events which includes escalation procedures, rapid mitigation, and root-cause analyses. All employees are educated and trained in our policies.

Incident Response

Powerful Medical implements a protocol for handling security events which includes escalation procedures, rapid mitigation, and root-cause analyses. All employees are educated and trained in our policies. The effectiveness of our information security posture is verified regularly with dedicated disaster recovery tabletop exercises.

Permissions and Authentication

Access to customer data is strictly limited to authorized employees who require it for their job. Powerful Medical services are served 100% over https. We enforce SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on the services we use as well as our own infrastructure and tools.

Permissions and Authentication

Access to customer data is strictly limited to authorized employees only who require it for their job. Powerful Medical services are served 100% over https. We enforce SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on the services we use, as well as our own infrastructure and tools.

Security Posture

Fostering a business culture where quality, compliance, security, and customer focus stand as the foremost priorities. 

Security

Security Team​

Security

Security Team

Powerful Medical employs a dedicated security team, responsible for our security and privacy of our customer’s data. Our security team includes people who’ve played lead roles in designing, building, and operating highly secure Internet-facing systems at global public companies.

Security
Security

Training & Testing

Security

Training an Testing

All employees complete Security and Awareness training annually. The effectiveness of our information security posture is verified regularly with dedicated disaster recovery tabletop exercises.

Security
Security

Policies​

Security

Policies

We have developed a comprehensive set of security policies covering a range of topics. These policies are updated frequently and shared with all employees.

Security

Stay on the pulse with our newsletter.

Your submission was successful