As a healthcare technology provider, we take our responsibility to protect data and systems seriously. We're compliant with HIPAA and the SOC-2 framework, and we enforce a comprehensive set of security policies and measures to ensure our client, member, and employee data stays safe.
The Amino platform is SOC 2 certified, which ensures we have the appropriate internal controls in place for secure data management and processing.
We partner with attorneys, security consultants, and healthcare policy experts to ensure HIPAA compliance as a business associate, and provide a HIPAA privacy notice to our members. We undergo an annual third-party HIPAA risk assessment.
We use enterprise-grade encryption to protect PII and PHI from unauthorized access. All communication between Amino members and our application is encrypted in transit, and databases / database backups are encrypted at rest.
To protect our customers' data, Amino practices least-access principles. Member data is only made available to approved employees with roles that require access to perform their primary job duties.
Every third-party vendor used by Amino goes through a thorough internal risk assessment process. We sign business associate agreements (BAAs) with any vendors accessing sensitive client data.
Amino conducts third-party pentests at least annually. In addition to regular pentesting, we also use static and dynamic scanning tools to monitor and detect vulnerabilities, and participate in a bug bounty program.
If you believe you have discovered a vulnerability within Amino’s application, or if you would like to participate in Amino’s bug bounty program as hosted by HackerOne, please contact our Security Engineering team by emailing security@amino.com.
