Security

We are 100% committed to ensuring the privacy and security of data accessed through our platform. In fact, we not only meet but exceed all legislative requirements regarding access to Protected Health Information (PHI), maintaining both the letter and the spirit of these critically important laws. Our systems are set up to ensure data security, availability, processing integrity, confidentiality, and privacy.

The Particle Health platform includes:

HITRUST Certification: HITRUST Assessment Certifications offer reliable assurances that an organization is staying up-to-date with the latest security and privacy standards to ensure that sensitive data is effectively and efficiently safeguarded.

SOC 2 Compliance: This ensures that our API platform, which provides digital healthcare providers with access to more than 300 million patient electronic health records (EHRs), is operating with industry-leading data security standards.  

HIPAA Compliance: HIPAA (Health Insurance Portability and Accountability Act) is a law that sets standards for protecting sensitive patient health information. HIPAA requires implementation of measures which keep personal health information confidential and safe from unauthorized access, theft, or misuse. These measures include things like keeping electronic health records secure, training employees on how to handle confidential information, and obtaining consent before sharing your health information with others. By complying with HIPAA, we can help ensure that your personal health information is kept private and secure.

OAuth 2.0 Compliance: Thanks to this authorization protocol, developers on your team can securely and conveniently access our systems.

Multi-factor Authentication: Multi-factor Authentication (MFA) adds an extra layer of security by requiring at least one additional authentication factor beyond the password. This not only protects you as a customer, but also protects the sensitive patient data accessed through our API.

Single Sign-On: More sets of credentials actually create more surface area for security vulnerabilities. Single sign-on (SSO), provided using SAML 2.0, is an authentication method that enables users to securely authenticate with multiple applications using just one set of credentials. Managing one set of credentials allows users and administrators to quickly grant or revoke access to all systems and tools within the organization. 

Audit APIs: Audit APIs allow users to retrieve detailed information about all interactions with your data in Particle Health systems. Get lists of login attempts, full query path URLs, and even a history of notification events.  

‍

General Compliance

• Data at rest is encrypted using Advanced Encryption Standard (AES)
• Google Cloud provides cryptographic authentication and authorization for all inter-service communications
• Mutual TLS for authenticating outgoing Requests
• All PHI is de-identified when used for internal analytics

For more information on our information security practices please contact security@particlehealth.com.

How to report a vulnerability:

If you believe you found a security vulnerability, please report it here.