EHealthVoice AI from EHealthMed is built from the ground up for healthcare compliance. Review our security practices, download our policies, and execute your Business Associate Agreement.
Full Security Rule compliance
Controls aligned with SOC 2 criteria
Data at rest & in transit
High availability infrastructure
Comprehensive policies governing the protection of electronic Protected Health Information (ePHI)
Comprehensive security policy governing the protection of electronic Protected Health Information (ePHI) within the EHealthVoice AI platform, in accordance with the HIPAA Security Rule (45 CFR Part 164, Subpart C).
Policy governing the identification, investigation, and notification procedures for breaches of unsecured Protected Health Information, in compliance with the HIPAA Breach Notification Rule (45 CFR §§164.400-414).
Summary of the annual risk assessment conducted to identify threats and vulnerabilities to electronic Protected Health Information (ePHI) and evaluate the effectiveness of current security measures.
Policy establishing the requirements for HIPAA security and privacy awareness training for all EHealthVoice AI workforce members.
Documentation of all data flows involving Protected Health Information (PHI) within the EHealthVoice AI platform, including data collection, processing, storage, transmission, and disposal.
Policy implementing the HIPAA Minimum Necessary Standard, ensuring that access to and disclosure of Protected Health Information is limited to the minimum amount necessary to accomplish the intended purpose.
Policy governing the creation, maintenance, review, and retention of audit logs for all system activities involving Protected Health Information.
Third-party services that may process Protected Health Information on behalf of EHealthVoice AI. All sub-processors have executed Business Associate Agreements.
Application hosting, database, and storage
Voice calls, phone numbers, and SMS messaging
Payment processing (no PHI transmitted)
Clinical data exchange per patient authorization
EHealthVoice AI has implemented security controls aligned with all five SOC 2 Trust Service Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy). Our controls matrix documents 28 specific controls with their technical implementations.
We are currently in the process of engaging an independent CPA firm to conduct a formal SOC 2 Type I audit, which will verify our control design at a point in time. Following successful Type I attestation, we plan to pursue SOC 2 Type II certification, which evaluates control effectiveness over a sustained observation period (6-12 months).
Our compliance team is available to answer questions, provide additional documentation, or schedule a security review call.