Compliance & Security

We’re proud to have received SOC 2 certification which is an auditing procedure that ensures third-party vendors such SaaS and cloud computing providers securely manage your data and the privacy of your patients. Developed by the American Institute of CPAs, SOC 2 defines criteria for managing customer data based on five “trust service principles” — security, availability, processing integrity, confidentiality and privacy. For security-conscious organizations, SOC 2 compliance should be a minimal requirement when considering a SaaS provider.

Bridge Patient Portal v3 is certified by SLI, an Office of the National Coordinator-Authorized Certification Body (ONC-ACB) in accordance with the certification criteria adopted by the Secretary of Health and Human Services (HHS). The portal helps provider groups meet requirements for MIPS, MACRA, and Stage 3 Meaningful Use programs.

Bridge is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which defines privacy and security guidelines and standards for the healthcare industry. Besides HIPAA being part of Bridge’s culture, Bridge business practices are audited annually by a 3rd party and its systems are audited even more frequently.

Bridge has extensive knowledge of PCI and adheres to PCI guidelines in their development. As a best practice, Bridge never hosts, transmits or stores credit cards information. Instead, Bridge uses payment gateway partners for all credit card processing.

Bridge uses industry leading COMODO SSL Certificates for 256-bit encrypted data transmission.

Bridge uses Cloudflare for next-generation firewall and security services.

Bridge exclusively uses Amazon Web Services and Google Cloud Platform for application hosting.