A Platform You Can Trust

The Kareo Security team regularly scans all Kareo services for vulnerabilities and notifies the appropriate parties to remediate any identified vulnerabilities. In addition, external vulnerability threat assessments are performed regularly by independent security firms. Findings and recommendations resulting from these assessments are categorized and delivered to Kareo leadership and are prioritized for remediation. It is important to note that these scans cover the Kareo services and are not meant to replace any validations by its customers required to meet their specific compliance requirements

Kareo has strict (e)PHI, PCI, and PII handling requirements, which includes tamper-proof disposal systems and processes. Examples include badge-based printing to eliminate the possibility of loose hardcopy documents for unauthorized access or data loss. Using centralized, role-based access permissions helps ensure that access is only provided to specific personnel who need access to perform essential business functions.

Kareo manages a comprehensive set of policies, processes, and control activities that leverage various aspects of Kareo’s overall security program. Kareo has integrated applicable general and cloud-specific security practices identified by leading cloud computing industries and healthcare bodies into the Kareo security program. Kareo continues to monitor these groups for practices that can be implemented to better protect ePHI and PHI data.

Kareo encrypts sensitive data using militarygrade encryption. When sensitive files are sent to Kareo, they are encrypted over the Internet and encrypted again when they are stored in Kareo’s systems. This extra step is taken to minimize the possibility of data loss and unauthorized access.

Security at Kareo begins at the highest level of the company. Executive and senior leadership play important roles in establishing the company’s tone and core values. Every employee is provided with the company’s Code of Business Conduct and Ethics document and completes training upon hiring and on an annual basis thereafter. Developers receive additional training on security practices and tools. Ongoing compliance audits are performed so that employees understand and follow established policies.

Kareo utilizes world class, top tier data centers, firewalls in all data-center and corporate offices, and TLS and application firewalls. Moreover, to ensure Kareo’s network remains secure, the company has 24/7 security monitoring combined with industry-leading 3rd-party threat monitoring, assessment, and protection services

Kareo takes the job of protecting your ePHI data seriously. As part of our security commitment, Kareo has implemented a formal Incident Management Program, which follows the guidelines of local and federal laws for reporting and investigating requirements in accordance with HIPAA rulings.