Privacy & Security
CareEvolution is dedicated to building a platform you can trust. Our systems, trusted by customers in government and industry, are designed to meet rigorous security and privacy standards.
NIST SP 800 53 Rev 5
Our security program is based on the National Institute of Standards and Technology (NIST) SP 800 53 Rev 5 at the FISMA Moderate and Privacy baselines. We regularly undergo assessments from a Third Party Assessment Organization (3PAO).
HITRUST Certified
CareEvolution’s Discover (MyDataHelps) and Orchestrate platforms have attained a HITRUST e1 certification. The rigorous Common Security Framework is the gold standard for health data security, incorporating controls from globally-recognized standards such as NIST, HIPAA, and GDPR.
HIPAA compliant
We have been handling Protected Health Information (PHI) for over 20 years for hospitals, insurance companies, and other HIPAA-covered entities. Our platform is based on the same strict privacy and security standards used by electronic health record (EHR) systems.
FDA 21 CFR Part 11
Our platform is designed to comply with Part 11 requirements for electronic records storage and electronic signatures. We make it easy for you to achieve, maintain, and demonstrate compliance.
NIH Authorization to Operate (ATO)
The National Institutes of Health (NIH) has granted us an Authorization to Operate (ATO) for the Discover™ platform. This authorizes use of Discover for NIH-sponsored research studies and projects.
Security research program
We are committed to ensuring the security of your data. Our security research program provides guidelines for security researchers conducting vulnerability discovery.
How we protect your privacy
When you use the CareEvolution platform, you trust us with your information. Respecting privacy is one of our core values. Read our product-specific privacy policies below to learn more about how we keep your data private.
These policies apply to participants in MyDataHelps™ projects, as well as users of apps built on the MyDataHelps platform like SymptomShark™, myFHR™, and SAFER-COVID™.
This policy applies to project coordinators and other users of the MyDataHelps Designer™ platform. Project coordinators and IRBs may also find the MyDataHelps Privacy and Use Policy (for participants) of interest.
These policies apply to users of the Orchestrate™ APIs (Convert, Terminology, and Insight).
This policy applies to the CareEvolution website.