How does DrChrono keep my information safe?


drchrono Security Measures

We here at drchrono understand the importance around the security of your information. drchrono uses nothing but the most secure servers to ensure your information is stored, and protected to the highest of standards. We store all of your information in a HIPAA compliant SSAE 16 SOC 1 and SOC 2 data center and while you are accessing your information, the data is transported to your device via the secure HTTPS communication protocol.


What does HIPAA stand for and why is it important?

HIPAA - Is the Health Insurance Portability and Accountability Act. It is a requirement of all healthcare providers enacted in 1996 that regulates the interchange of private patient data to help prevent unlawful disclosure or release of their medical information.  

There are 7 requirements that makes something HIPAA compliant. 

1. Transport Encryption: Is always encrypted as it is transmitted over the internet. 

2. Backup: Is never lost, i.e. should be backed up and can be recovered. 

3. Authorization: Is only accessible by authorized personnel using unique, audited access controls. 

4. Integrity: Is not tampered with or altered. 

5. Storage Encryption: Should be encrypted when it is being stored or archived.

6. Disposal: Can be permanently disposed of when no longer needed.

7. Omnibus/HITECH: Is located on the web servers of a company with whom you have a HIPAA Business Associate Agreement (or it is hosted in house and those servers are properly secured per the HIPAA security rule requirements).

To learn more about HIPAA compliancy click here


So, what is SSAE 16 SOC 1 and SOC 2? 


SSAE 16 (Statement on Standards for Attestation Engagements)  - Is an internationally recognized third party assurance audit designed for service organizations. Section No. 16 addresses examination engagements undertaken by a service auditor to report on controls at organizations that provide services to user entities when those controls are likely to be relevant to user entities' internal control over financial reporting. To learn more click here.

Standard for Attestation Engagements No. 16 effectively replaced SAS 70 on June 15th, 2011. 

Service Organization Control (SOC) - These are internal control reports on the services provided by a service organization providing valuable information that users need to assess and address risks associated with an outsourced service. 

SOC 1 & 2 - These are auditors reporting methods that have specific control objectives and criteria to report on SSAE 16. To learn more about this click here.

Having these standards in place makes sure that your information is being securely stored, and regulated to the standards set by the AICPA.   


Please Note: No information is stored locally on your iPad, or computer. It is stored in the cloud and accessed that way. Only the information you export out while signed in to your drchrono account can be stored locally at the location of your choice. Once you export out the information from drchrono it is your responsibility to store it in a HIPAA compliant manner. 


Your Responsibility: Help Us Keep Your Data Secure

While we employ many security measures, there are security issues outside our control that we ask our users to take the necessary precautions to. 

  • Keep your login credentials to yourself
  • Activate two-factor authentication (2FA) on your drchrono account
  • Keep your devices malware free
  • Do not install software, plugins, or add-ons that may compromise your account security
  • Use only secure networks
  • If you download information from drchrono, employ all necessary security measures to safeguard that data, including but not limited to: password protecting your computer, encrypting your device, and restricting access to your local account.
Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request


Powered by Zendesk