palmER Security

Security & HIPAA Compliance

Clinician and patient trust is our highest priority at palmER. Since 2011, palmER has maintained a perfect security record with zero incidents or data breaches. All data on our platform is stored and processed under HIPAA-compliant protocols, combining established compliance standards with modern cloud security to protect you and the patients you serve.

HIPAA-first architecture
Built with HIPAA compliance at the core. Advanced encryption, robust access controls, continuous monitoring, and adherence to best practices protect patient data.
Encryption at rest and in transit
All data is encrypted at rest and in transit. Layered access controls restrict who can reach our systems and data.
Continuous monitoring
Real-time threat monitoring and automated anomaly detection run 24/7 to identify and respond to potential security threats.

Comprehensive safeguards across every layer

palmER implements administrative, technical, and physical security controls to keep your data secure and maintain HIPAA compliance.

Administrative safeguards

  • All palmER staff undergo background checks and complete annual security awareness training on HIPAA, privacy, and information classification
  • Regular HIPAA risk assessments to ensure policies remain up-to-date and relevant
  • All vendors who may process patient information are required to be HIPAA compliant and sign Business Associate Agreements with palmER

Technical safeguards

  • Access controls ensure only authorized personnel can view or modify data based on their assigned role and permissions
  • All actions in our systems are logged (who accessed what data, when, and from where), creating a complete audit trail
  • Network segmentation isolates backend systems from internet-facing applications
  • Regular vulnerability assessments and penetration testing validate our security measures

Physical & infrastructure safeguards

  • All data is stored and processed within US data centers with active redundancy
  • Network security controls and identity management policies protect against unauthorized access
  • Firewall rules inspect and filter all network traffic to prevent unauthorized access
  • Multiple redundant systems ensure continuous availability of our services

Data lifecycle protection
Your data is protected at every stage, from the moment it enters our system until it is securely deleted.

Collection & processing

Automatic detection of protected health information ensures data flows only where you intend. AI processing runs through HIPAA-compliant providers, and we maintain zero-retention agreements with those providers so that protected health information is never retained or used for model training.
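As an added illustration of the kind of check the paragraph above describes (this is example code, not palmER's implementation), the following Python gate scans text for structured HIPAA identifiers before it leaves a trust boundary and forwards it unchanged, forwards it redacted, or blocks it depending on whether the destination is covered by a BAA. The regex patterns, the destination names, the allow/redact/block policy and the sample clinical note are all assumptions constructed for the demo.

```python
# Illustrative PHI gate (added example; not palmER's code). The regex patterns,
# destination names and the allow/redact/block policy are assumptions for the demo.
import re
from dataclasses import dataclass

# Structured HIPAA identifiers a regex can catch. Free-text names and addresses
# are NOT covered here; those need a NER-based de-identification step.
PHI_PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "phone": re.compile(r"(?<!\w)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "date": re.compile(r"\b(?:0?[1-9]|1[0-2])/(?:0?[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b"),
    # Only the digits are matched (via lookbehind) so the "MRN" label survives redaction.
    "mrn": re.compile(r"(?<=\bMRN[ :#])\d{6,10}\b", re.IGNORECASE),
}

# Hypothetical destination policy: forward PHI only to a provider covered by a BAA
# and zero-retention agreement; redact for internal analytics; default-deny elsewhere.
DESTINATION_POLICY = {
    "ai_provider_baa": "allow",
    "internal_analytics": "redact",
    "third_party_no_baa": "block",
}

# Constructed sample clinical note used for the demo (fictional patient data).
SAMPLE_NOTE = ("Pt John Doe, DOB 03/14/1975, MRN 00482913, "
               "phone (415) 555-0142, SSN 219-09-9999. Follow-up in 2 weeks.")


@dataclass(frozen=True)
class Finding:
    kind: str
    start: int
    end: int


def find_phi(text):
    """Return non-overlapping PHI spans in text, ordered by position."""
    raw = []
    for kind, pat in PHI_PATTERNS.items():
        raw.extend(Finding(kind, m.start(), m.end()) for m in pat.finditer(text))
    raw.sort(key=lambda f: (f.start, -f.end))  # earliest start, longest span first
    merged = []
    for f in raw:
        if merged and f.start < merged[-1].end:
            continue  # overlaps a span already kept; drop the shorter/later match
        merged.append(f)
    return merged


def redact(text, findings):
    """Replace each span with a type token, working from the end so offsets stay valid."""
    out = text
    for f in sorted(findings, key=lambda f: f.start, reverse=True):
        out = out[: f.start] + f"[{f.kind.upper()}]" + out[f.end :]
    return out


def gate(text, destination):
    """Decide whether text may flow to destination: forward as-is, forward redacted, or block."""
    findings = find_phi(text)
    policy = DESTINATION_POLICY.get(destination, "block")  # unknown destination => deny
    if not findings or policy == "allow":
        return {"action": "forward", "payload": text, "findings": findings}
    if policy == "redact":
        return {"action": "forward", "payload": redact(text, findings), "findings": findings}
    return {"action": "blocked", "payload": None, "findings": findings}


if __name__ == "__main__":
    for dest in DESTINATION_POLICY:
        result = gate(SAMPLE_NOTE, dest)
        print(f"{dest:20} -> {result['action']}: {result['payload']}")
```

Two design points worth noting: unknown destinations fall through to "block" rather than "allow", so a misconfigured integration fails closed; and the patient's name survives redaction in this example, which is exactly the gap a regex-only detector has and why a production de-identification pipeline needs a name/address recognizer as well.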

Storage & retention

Data is stored in encrypted systems that protect information both at rest and in transit, so an unauthorized party cannot read it even if it is intercepted. When data is deleted, it is securely and permanently removed.

Access & auditing

Users have access only to the specific data and features they need for their work. Complete audit logs record all system activity for security and accountability.

Backup & recovery

Automated backups run continuously and are regularly tested to ensure we can quickly restore your data if needed.

Software Development Lifecycle (SDLC)
palmER integrates cybersecurity into its SDLC to ensure security is built into every aspect of our platform.
  • Secure coding standards and code reviews identify vulnerabilities during development before code is deployed
  • Static and dynamic application security testing (SAST/DAST) validates code security at multiple stages of development
  • Automated security scans continuously check the codebase and infrastructure for vulnerabilities
  • Security checks are integrated into the DevOps pipeline, automating testing and validation at every deployment stage

Business Associate Agreements
palmER automatically incorporates the Business Associate Agreement (BAA) into our platform terms of service, ensuring compliance without requiring any additional steps from users.

Security standards
palmER uses industry-standard cryptography (AES-256 for data at rest, TLS 1.2 or later for data in transit) and applies security best practices across all infrastructure to protect your data.

Data Sovereignty
All data is stored and processed exclusively within US data centers operated under HIPAA-compliant controls. palmER does not sell, share, or use your data for any purpose other than providing services to you.

Questions about security?

We're happy to answer any questions about how palmER protects your data and ensures HIPAA compliance. Reach out to learn more.

Contact us