Security

At Evoke Health, we understand the critical importance of safeguarding residents' health information. Our platform employs industry-leading privacy and security measures to protect all Personal and Personal Health Information (PHI), ensuring the same encryption standards used by your EHR.

1. Comprehensive Compliance

We comply with all applicable privacy laws and regulations to ensure the highest standards of protection, including:

• HIPAA (Health Insurance Portability and Accountability Act)
• PIPEDA (Personal Information Protection and Electronic Documents Act)
• PHIPA (Personal Health Information Protection Act)
• PIPA (Personal Information Protection Act)
2. Certifications and Independent Verification

Our security posture is validated by independent third parties, not just internal policy:

• Cloud Security Alliance (CSA) STAR Level 1 Certified: We maintain CSA STAR certification, demonstrating security in our cloud security controls.
• Annual OWASP ASVS Level 2 Penetration Testing: Every year, an independent third party conducts penetration testing aligned to the OWASP Application Security Verification Standard (ASVS) Level 2.
3. Encryption Standards You Can Trust

All resident health data is encrypted at rest using AES-256 and in transit using TLS 1.2+ — the same advanced encryption technology trusted by EHRs like PointClickCare.

4. Robust Access Controls, Monitoring, and Threat Detection
• Access logs are meticulously maintained and reviewed to ensure that only authorized parties access the data.
• Employees with system access adhere to strict confidentiality agreements, providing an added layer of security.
• Real-time security monitoring, threat detection, and incident response ensure continuous protection against potential cybersecurity risks.