Security & Compliance

Emedlogix operates on enterprise-grade cloud infrastructure with multi-region redundancy and 99.9% uptime SLA.

• Hosted on SOC 2 certified cloud providers (AWS / Azure)
• Network segmentation and firewall rules isolate clinical data environments
• Regular vulnerability assessments and penetration testing
• DDoS protection and rate limiting on all API endpoints

• In Transit: All data encrypted using TLS 1.3
• At Rest: AES-256 encryption for all stored data including PHI
• Backup: Automated encrypted backups with point-in-time recovery
• De-identification: Clinical data de-identified per HIPAA Safe Harbor standards before model training

• Multi-factor authentication (MFA) required for all staff and admin accounts
• Role-based access control (RBAC) limiting data visibility per user role
• Privileged access management for infrastructure and database administrators
• Automatic session timeout and audit logging of all access events

• 24/7 security event monitoring with real-time alerting
• Complete audit trail for every code suggestion, acceptance, and rejection
• HIPAA-compliant access logs retained for minimum 6 years
• Annual third-party security audits and SOC 2 Type II assessments

Emedlogix maintains a documented incident response plan compliant with HIPAA Breach Notification Rule requirements.

• Breach detection and containment within 4 hours of identification
• Covered entity notification within 60 days as required by HIPAA
• Post-incident root cause analysis and remediation reporting

All third-party vendors with access to Emedlogix systems or data are required to:

• Maintain their own SOC 2 or equivalent certification
• Sign Data Processing Agreements (DPA) before any data access
• Undergo annual security reviews as part of our vendor management program

To report a security vulnerability, request our security documentation, or inquire about BAA execution:

• Security Team: security@emedlogix.com
• General: info@emedlogix.com
• Phone: +1 (562) 396-8725