Security
Security at every layer
Healthcare data requires the highest standards of protection. Here's exactly how Carewix keeps your data safe.
Encryption
- AES-256 encryption at rest for all stored data
- TLS 1.2+ encryption for all data in transit
- Encrypted database backups stored in separate regions
- Secrets management via AWS Secrets Manager
Infrastructure
- Hosted on AWS in HIPAA-eligible services
- Multi-AZ deployment for high availability
- Network segmentation and private VPC architecture
- Automated vulnerability scanning and patching
Access Controls
- Role-based access control (RBAC) across all user types
- Principle of least privilege enforced at infrastructure level
- Multi-factor authentication available for all accounts
- Automatic session timeout after inactivity
Authentication
- Passwords hashed with bcrypt (minimum 12 rounds)
- OAuth 2.0 / SAML support on Enterprise plans
- Account lockout after repeated failed login attempts
- Secure password reset via time-limited tokens
Monitoring & Response
- 24/7 automated anomaly detection and alerting
- Centralized logging with immutable audit trails
- Incident response plan with defined SLAs
- Security events reviewed by our engineering team daily
Compliance
- HIPAA-aligned architecture and BAA available
- PIPEDA and PHIPA compliance for Canadian operations
- SOC 2 Type II audit in progress
- Annual penetration testing by a third-party firm
Certifications & Standards
Built to meet the standards your clients require
- HIPAA-Aligned
- PIPEDA-Aligned
- PHIPA-Aligned
- SOC 2 Ready
- 256-bit Encryption
- AWS-Powered
Responsible Disclosure
Found a vulnerability?
We take security reports seriously. If you've discovered a potential security issue in Carewix, please disclose it responsibly and we'll respond within 48 hours.
Report a Vulnerability: security@carewix.com