NIST SP 800 53 Rev 5
Our security program is based on the National Institute of Standards and Technology (NIST) SP 800 53 Rev 5 at the FISMA Moderate and Privacy baselines. We regularly undergo assessments from a Third Party Assessment Organization (3PAO).
CareEvolution’s Discover (MyDataHelps) and Orchestrate platforms have attained a HITRUST e1 certification. The rigorous Common Security Framework is the gold standard for health data security, incorporating controls from globally-recognized standards such as NIST, HIPAA, and GDPR.
We have been handling Protected Health Information (PHI) for over 20 years for hospitals, insurance companies, and other HIPAA-covered entities. Our platform is based on the same strict privacy and security standards used by electronic health record (EHR) systems.
FDA 21 CFR Part 11
Our platform is designed to comply with Part 11 requirements for electronic records storage and electronic signatures. We make it easy for you to achieve, maintain, and demonstrate compliance.
NIH Authorization to Operate (ATO)
The National Institutes of Health (NIH) has granted us an Authorization to Operate (ATO) for the Discover™ platform. This authorizes use of Discover for NIH-sponsored research studies and projects.
Security research program
We are committed to ensuring the security of your data. Our security research program provides guidelines for security researchers conducting vulnerability discovery.
How we protect your privacy
When you use the CareEvolution platform, you trust us with your information. Respecting privacy is one of our core values. Read our product-specific privacy policies below to learn more about how we keep your data private.