Security

Your data, our obsession

Healthcare data demands the highest standard of protection. MedAgento is built from the ground up with security, compliance, and privacy at every layer.


AES-256 encryption
24/7 monitoring
SOC 2 certified
Free BAA


Defense in depth

Multiple layers of security protect your data at every level, from the network edge to the database.

Data Encryption

All data is encrypted using industry-standard algorithms. No unencrypted PHI is ever stored or transmitted.

AES-256 encryption at rest
TLS 1.3 in transit
Encrypted database backups
Automatic key rotation

Access Control & Monitoring

Every action is authenticated, authorized, and logged. We follow the principle of least privilege at every layer.

Role-based access control (RBAC)
Per-object ACLs on every record
Session management & auto-expiry
Immutable HIPAA audit logs
Real-time anomaly detection
API rate limiting & throttling

Infrastructure

Our infrastructure is designed for healthcare workloads with redundancy, isolation, and compliance built in.

SOC 2 Type II certified hosting
Network isolation & VPC
DDoS protection
Automated security patching
Geographic redundancy
Disaster recovery & failover

Incident Response

We maintain a documented incident response plan with defined escalation paths and breach notification procedures compliant with HIPAA and state laws.

24/7 security monitoring
Documented response plan
Breach notification within 60 days
Post-incident review & remediation

Security practices

Going beyond compliance requirements: the proactive measures we take to keep your practice safe.

Penetration Testing

Annual third-party penetration tests and continuous vulnerability scanning across all surfaces.

Authentication

Secure session tokens, bcrypt password hashing, and optional two-factor authentication for all accounts.

Data Isolation

Multi-tenant architecture with strict data isolation. Each practice's data is logically separated and access-controlled.

Backup & Recovery

Automated daily backups with point-in-time recovery. Backups are encrypted and stored in geographically separate regions.

Device Security

Session management with automatic timeout, device fingerprinting, and the ability to revoke sessions remotely.

Network Security

Web application firewall, intrusion detection, IP allowlisting for admin access, and encrypted internal communications.

Compliance & certifications

We meet the highest standards for healthcare data security and privacy.

HIPAA

Full compliance with all administrative, physical, and technical safeguards. BAA included.

SOC 2 Type II

Annual audit covering security, availability, and confidentiality controls.

TLS 1.3

All data in transit encrypted with the latest transport layer security protocol.

AES-256

Military-grade encryption for all data at rest, including backups and logs.

“During our HIPAA risk assessment, MedAgento was the only EHR vendor that had every safeguard already in place. The BAA was signed within hours, and they provided their SOC 2 report the same day.”
Dr. Michael Torres

Compliance Officer, Metro Health Group

Security contacts

Reach the right team for security and compliance inquiries.

Security Team

Vulnerability reports, security questions, SOC 2 requests

security@medagento.com

Compliance

HIPAA inquiries, BAA requests, audit documentation

compliance@medagento.com

Privacy

Data subject requests, privacy policy, data handling

privacy@medagento.com

Security FAQ

Common questions about how we protect your data.

Is MedAgento HIPAA compliant?

Yes. MedAgento is fully HIPAA compliant. We implement all required administrative, physical, and technical safeguards. We execute Business Associate Agreements (BAAs) with all customers and sub-processors.

Where is my data stored?

All data is stored in SOC 2 Type II certified data centers in the United States. Data is encrypted at rest using AES-256 and in transit using TLS 1.3. We do not store data outside the US.

Do you offer a Business Associate Agreement (BAA)?

Yes. We provide a BAA free of charge to all customers. BAAs are typically executed within 24 hours of request. Contact security@medagento.com to get started.

How do you handle security incidents?

We maintain a documented incident response plan with 24/7 monitoring, defined escalation paths, and breach notification procedures compliant with HIPAA (within 60 days) and applicable state laws.

Can I request a SOC 2 report?

Yes. Our SOC 2 Type II report is available upon request under NDA. Contact security@medagento.com and we'll share it within one business day.

Do you perform penetration testing?

Yes. We engage an independent third-party firm for annual penetration testing. We also run continuous automated vulnerability scanning and participate in a responsible disclosure program.

How is data backed up?

Automated daily backups with point-in-time recovery are stored in geographically separate, encrypted locations. Recovery procedures are tested quarterly.

What happens if I delete my account?

Upon account deletion, all PHI is permanently purged within 30 days. Audit logs are retained for 7 years as required by HIPAA. We provide a data export before deletion upon request.

Ready to see our security in action?

Start your 14-day free trial or request our SOC 2 report and BAA. No credit card required.

© 2026 MedAgento. All rights reserved.