Enterprise-Grade Security for Protected Health Information
HealthOS is built with security and compliance at its foundation. Patient data is protected with layered technical and organizational controls.
Administrative, technical, and physical safeguards aligned to HIPAA requirements.
Security and availability controls aligned to SOC 2 Type II expectations.
Controls mapped to HITRUST CSF domains for healthcare risk management.
Architecture aligned with relevant ONC Health IT expectations.
Security Controls
Defense-in-depth protection for clinical and operational data.
Encryption at Rest & In Transit
AES-256 at rest and TLS 1.3 in transit with managed key controls.
Role-Based Access Control
Granular permissions by role, location, and data type.
Comprehensive Audit Logging
Tamper-resistant logs for access, actions, and data activity.
HIPAA-Ready Safeguards
Safeguards aligned to HIPAA Security Rule requirements with BAA availability.
SOC 2 Type II Aligned
Documented controls and evidence support available on request.
Network Security
WAF, DDoS protection, and continuous infrastructure monitoring.
Backup & Disaster Recovery
Automated backups, redundancy, and documented RPO/RTO targets.
Multi-Factor Authentication
MFA support with enforceable account policies.
Security in Practice
Detailed capabilities designed for procurement and compliance review teams.
Access Controls
- Role-based access control with granular permissions
- Multi-factor authentication enforcement
- Configurable session timeout and re-authentication policies
- Least-privilege access principles
Auditability
- User identity, timestamp, and action-level logging
- Clinical and administrative workflow activity tracking
- Retention-ready logs for compliance and incident review
- Tamper-resistant log storage
Secure Communications
- Encryption for in-platform messaging
- HIPAA-ready provider and patient communication channels
- Secure file sharing with access controls
- Support for Direct Messaging exchanges
Implementation Security
- Secure deployment practices
- Migration safeguards with validation and reconciliation
- Implementation environments isolated from production data
- Security checkpoints within onboarding
Standards-Based Interoperability
- FHIR R4 APIs for standards-based exchange
- HL7 v2.x support for legacy connectivity
- OAuth 2.0 and scoped authorization
- Encrypted transport for external integrations
Shared Responsibility Model
Security is a shared effort between MVS Cloud and your organization.
MVS Cloud Manages
- Platform infrastructure and uptime
- Application security patches and updates
- Data encryption and key management
- Network security and monitoring
- Backup and disaster recovery
Your Organization Manages
- User account provisioning and deprovisioning
- Authentication and MFA enrollment policies
- Role and permission assignments
- Organizational security training
- Endpoint device security
Data residency within the United States
Infrastructure monitoring and incident response
Business Associate Agreements for eligible customers
Security Documentation
Detailed security documentation is available for prospective and current customers as part of procurement and vendor review.
Documentation is shared under NDA. Contact our team to initiate a security review.
Public claims
This page provides public security posture summaries for initial review and committee alignment.
Materials under NDA
Detailed questionnaires, evidence packages, and implementation-specific controls are shared during formal review.