We take data security to heart.
AliveCor is committed to protecting our customers by achieving a high standard of data security and compliance. As our organization scales, we continue to evolve and adapt our data governance and protection strategies, and strive to provide secure technology services to our customers.
AliveCor is certified or third-party attested under the following security assurance programs:
HITRUST e1 Certification
AliveCor has attained a HITRUST Essentials 1-year (e1) Certification for the Kardia, Kardia Pro, and KardiaComplete platforms, validating our commitment to foundational cybersecurity controls and information risk management. HITRUST e1 Certification demonstrates that these platforms focus on the most critical controls and that essential cybersecurity hygiene is in place. The e1 assessment is one of three progressive HITRUST assessments that leverage the HITRUST CSF framework to prescribe cyber threat adaptive controls that are appropriate for each assurance type.
ISO 27001
ISO 27001 is a globally recognized standard for the establishment and certification of an information security management system (ISMS). The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented ISMS within the context of the organization’s overall business risks. It sets forth a risk-based approach that focuses on adequate and proportionate security controls that protect information assets and give confidence to interested parties. The details of our ISMS certification are publicly available at https://www.schellman.com/certificate-directory
SOC 2 Type 2
Completing the SOC 2 Type 2 examinations with zero exceptions listed implies that AliveCor’s Kardia and KardiaPro platforms meet or exceed the stringent security standards set by the American Institute of Certified Public Accountants (AICPA). The examinations report on AliveCor’s system and the suitability of the design and operating effectiveness of security controls.
HIPAA compliance attestation
HIPAA compliance attestation implies that AliveCor’s Kardia and KardiaPro platforms are compliant with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the Breach Notification Rule. These rules form a list of established performance criteria across the areas of security, privacy, and breach, laid down by the Office of Civil Rights (OCR).