
Security & Compliance
TrustRoom is built from the ground up to protect sensitive health information. Our platform meets the highest standards for healthcare data security.
Compliance & Certifications
HIPAA Compliant
Full compliance with the Health Insurance Portability and Accountability Act.
SOC 2 Aligned
Infrastructure designed to meet SOC 2 Type II trust service criteria.
HITRUST Aligned
Security controls aligned with the HITRUST Common Security Framework.
Technical Safeguards
Our security architecture implements administrative, physical, and technical safeguards required by the HIPAA Security Rule.
Encryption at Rest & in Transit
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. PHI is never stored unencrypted.
Access Controls & MFA
Role-based access controls with mandatory multi-factor authentication for all user accounts.
HIPAA Audit Logging
Comprehensive, immutable audit trails for all access to Protected Health Information, held in tamper-proof storage.
Business Associate Agreements
BAAs executed with all subprocessors handling PHI, including cloud infrastructure and third-party services.
Incident Response
Documented incident response procedures, with breach notification within 60 days as required by the HITECH Act.
Infrastructure Security
Hosted on Google Cloud Platform with SOC 1/2/3 and ISO 27001 certified infrastructure. No data leaves US regions.
Our Data Practices
We never sell your data. Your information is never sold, shared with advertisers, or used for marketing purposes.
US-only data residency. All patient data is stored and processed exclusively within the United States.
You own your data. Patients can request a full copy of their records at any time. Providers receive complete data exports upon offboarding.
Minimal data collection. We collect only the information necessary to provide our services and meet regulatory requirements.
Have Security Questions?
Review our legal agreements or reach out to our team for more information about our security practices.