The security of your medical data is our top priority.
Specimatch’s best-in-class, HIPAA-compliant data security features:
2048-bit transmission encryption
User data is securely transmitted using a best-in-class 2048-bit TLS/SSL encrypted HTTPS connection. This is the highest standard in online computing.
HIPAA-covered, 256-bit encrypted data storage
At-rest user data is securely stored using 256-bit AES encryption on HIPAA-compliant servers at Amazon Web Services, and uploaded medical files are stored on Box.com’s HIPAA-compliant cloud infrastructure. Both are governed by a HIPAA-covered Business Associate Agreement (BAA).
Continual security monitoring
Daily manual audits and automated bots continually scan the code base for security issues. Usage logs record all software activity, showing who accessed what data. External security monitoring and real-time intrusion detection are handled by Threat Stack. Vulnerability testing is routinely performed to ensure user data is guarded with the latest cybersecurity measures.
User data is anonymized
All Private Health Information (PHI) is de-identified and kept separately from Personally Identifiable Information (PII); the two are assembled only in real time on the user’s device for the duration of an encrypted online session. Users must approve any sharing of their PHI/PII data.
Specimatch does not store any credit card or banking information. Inbound payments are securely processed on PCI-compliant systems at Stripe.com, and outbound payments are securely transferred via PCI-compliant systems at Bill.com. Both payment platforms are accessed using a 2048-bit TLS/SSL encrypted HTTPS connection and provide randomized tokens for transactions.
HIPAA-compliant health partners
Dedicated HIPAA Cloud
Precision Medicine Intelligence
PCI-compliant financial partners
Specimatch enables you to better manage your day-to-day cancer care and proactively searches for your latest treatment options.