encountER Security

Security & HIPAA Compliance

Patient trust starts with rigorous security. encountER is built from the ground up to meet and exceed HIPAA requirements, so you can focus on patient care — not compliance anxiety.

HIPAA-First Architecture

Every component — from database design to API endpoints — is engineered around HIPAA's Privacy, Security, and Breach Notification Rules.

End-to-End Encryption

All data is encrypted in transit with TLS 1.2+ and at rest with AES-256. Encryption keys are managed through dedicated key management services.

Continuous Monitoring

24/7 automated monitoring, intrusion detection, and real-time alerting ensure threats are identified and addressed immediately.

Safeguards

Comprehensive HIPAA Safeguards

Administrative

  • Designated Security & Privacy Officers
  • Workforce security awareness training
  • Information access management policies
  • Incident response & breach notification plan
  • Regular risk assessments & audits

Technical

  • Unique user identification & authentication
  • Role-based access controls (RBAC)
  • Automatic session timeouts
  • Authentication & administrative event logging

Physical & Infrastructure

  • HIPAA-eligible cloud infrastructure (AWS)
  • SOC 2 Type II certified data centers
  • Network segmentation & firewalls
  • Automated daily backups with point-in-time recovery
  • Secure media disposal procedures

Data Lifecycle Protection

Collection

Only the minimum necessary PHI is collected, transmitted over encrypted channels, and validated at ingestion.

Storage

AES-256 encryption at rest in HIPAA-eligible infrastructure with strict access policies and automated key rotation.

Access

Role-based access controls and audit logging for authentication and administrative events.

Backup & Recovery

Automated daily backups with point-in-time recovery, encrypted at rest, retained for 7 days. Disaster recovery procedures tested on a regular cadence.

Software Development Lifecycle

Security is embedded at every stage of our development process, not bolted on after the fact.

  • Secure coding standards & code review requirements
  • Automated static analysis & dependency scanning
  • Isolated staging environments with synthetic data
  • Change management & version control policies
  • Vulnerability disclosure & responsible patching

Business Associate Agreements

Encounter Medicine, LLC has signed Business Associate Agreements with all subprocessors that handle Protected Health Information on our behalf, including our cloud infrastructure provider (AWS) and AI model provider (OpenAI). We also provide a Business Associate Agreement to every clinical customer, incorporated into our Terms of Service and accepted at signup.

Security Standards

Our practices align with the NIST Cybersecurity Framework, the OWASP Top 10, and SOC 2 principles to maintain a comprehensive security posture.

Data Sovereignty

All patient data is processed and stored within the United States, in compliance with federal and state healthcare regulations.

Have security questions?

We're happy to discuss our security practices, provide documentation, or arrange a call with our security team.
