Security & Compliance
Patient Data Protection. No Compromises.
HIPAA compliant, SOC 2 Type II audited, encrypted in transit and at rest. FrontDesk meets the highest security standards so you can focus on patient care.
Built on Trust, Verified by Experts
Independent audits and industry-standard frameworks ensure your data is protected at every layer.
HIPAA Compliant
We operate a HIPAA compliance program covering the administrative, physical, and technical safeguards the Security Rule requires for handling Protected Health Information (PHI).
- Signed Business Associate Agreements (BAAs)
- PHI access logging & audit trails
- Minimum necessary access policy
- Annual HIPAA risk assessments
SOC 2 Type II
Independently audited against the AICPA Trust Services Criteria for Security, Availability, and Confidentiality. Our report is available under NDA.
- Annual third-party audit
- Continuous control monitoring
- Security, Availability & Confidentiality
- Report available upon request
Business Associate Agreement
Every healthcare practice receives a signed BAA before any patient data is processed. No exceptions, no extra fees.
- Included with all plans
- Covers all sub-processors
- Custom BAAs for enterprise
- Annual review & renewal
Defense in Depth, By Design
Security is embedded in every layer of the FrontDesk platform — from infrastructure to application code.
Encryption in Transit and at Rest
All data is encrypted in transit (TLS 1.3) and at rest (AES-256); voice media is encrypted with SRTP. Data is never stored or transmitted in the clear.
SSO & SAML
Enterprise single sign-on via SAML 2.0. Integrates with Okta, Microsoft Entra ID (formerly Azure AD), Google Workspace, and custom identity providers.
Role-Based Access Control
Granular permissions per user and location. Admins, managers, and staff each see only what they need.
Data Isolation
Multi-tenant architecture with strict data isolation. Each practice's data is logically separated with zero cross-tenant access.
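The two properties above, tenant isolation and role-plus-location scoping, are easiest to get right when they are enforced in one deny-by-default check rather than in individual queries. The following is an added illustration, not FrontDesk's code: the permission matrix, role names and sample practices are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum

# Added illustration (not FrontDesk code): a deny-by-default authorization check that
# enforces tenant (practice) isolation first, then role permission, then location scope.

class Role(Enum):
    ADMIN = "admin"
    MANAGER = "manager"
    STAFF = "staff"

# Hypothetical permission matrix. Anything not listed for a role is denied.
PERMISSIONS = {
    Role.ADMIN:   {"patient.read", "patient.write", "config.write", "audit.read"},
    Role.MANAGER: {"patient.read", "patient.write", "audit.read"},
    Role.STAFF:   {"patient.read"},
}

@dataclass(frozen=True)
class Principal:
    user_id: str
    practice_id: str          # the tenant this user belongs to
    role: Role
    locations: frozenset      # location ids within the practice the user is assigned to

@dataclass(frozen=True)
class Resource:
    practice_id: str
    location_id: str
    kind: str                 # e.g. "patient"

def authorize(p: Principal, action: str, r: Resource) -> bool:
    """True only if every check passes; the tenant check comes first so no role can bypass it."""
    # 1. Tenant isolation: no role, not even admin, reaches another practice's data.
    if p.practice_id != r.practice_id:
        return False
    # 2. Role permission, deny by default.
    if action not in PERMISSIONS.get(p.role, set()):
        return False
    # 3. Location scope: admins cover every location in their practice; others only assigned ones.
    if p.role is not Role.ADMIN and r.location_id not in p.locations:
        return False
    return True

def visible(p: Principal, action: str, resources) -> list:
    """Minimum-necessary listing: run a result set through the same check instead of trusting the query."""
    return [r for r in resources if authorize(p, action, r)]

# Constructed sample data for a stand-alone run.
SAMPLE = [
    Resource("practice-A", "loc-1", "patient"),
    Resource("practice-A", "loc-2", "patient"),
    Resource("practice-B", "loc-1", "patient"),   # same location id, different tenant
]

if __name__ == "__main__":
    staff = Principal("u1", "practice-A", Role.STAFF, frozenset({"loc-1"}))
    admin = Principal("u2", "practice-A", Role.ADMIN, frozenset())
    print(len(visible(staff, "patient.read", SAMPLE)))   # 1
    print(len(visible(admin, "patient.read", SAMPLE)))   # 2
    print(authorize(admin, "patient.read", SAMPLE[2]))   # False
```

Note the ordering: the tenant comparison runs before any role logic, so a misconfigured role can widen what a user sees inside their own practice but can never leak another practice's records. Location ids are only meaningful within a practice, which is why the third sample (same `loc-1`, different tenant) is refused even to an admin.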
Audit Logging
Complete audit trail for every action — logins, data access, configuration changes, and API calls. Logs retained for 7 years.
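A seven-year audit trail is only as useful as its integrity: a reviewer needs to know that entries were not altered or removed after the fact. One common way to make that checkable is to hash-chain the entries. The block below is an added example, not FrontDesk's implementation; the field names, the SHA-256 chain and the sample events are assumptions for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

# Added illustration (not FrontDesk code): an append-only audit trail in which each entry
# commits to the previous entry's hash, so altering or dropping an interior entry is detectable.

GENESIS = "0" * 64   # previous-hash value for the first entry

class AuditLog:
    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry):
        # Canonical JSON (sorted keys, no whitespace) so the hash is reproducible.
        body = {k: v for k, v in entry.items() if k != "hash"}
        data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hashlib.sha256(data).hexdigest()

    def record(self, actor, action, target, practice_id, outcome="success", ts=None):
        """Append one event (login, data access, config change, API call) and return it."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {
            "seq": len(self.entries),
            "ts": ts or datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": action, "target": target,
            "practice_id": practice_id, "outcome": outcome,
            "prev": prev,
        }
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return (True, n) if all n entries chain correctly, else (False, index_of_first_bad_entry)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev or self._digest(e) != e["hash"]:
                return (False, i)
            prev = e["hash"]
        return (True, len(self.entries))

    def head(self):
        """Hash of the newest entry; anchor it somewhere the log writer cannot modify."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

def build_sample_log():
    # Constructed events with fixed timestamps so the chain is deterministic.
    log = AuditLog()
    log.record("u1", "login", "-", "practice-A", ts="2025-01-01T09:00:00+00:00")
    log.record("u1", "patient.read", "patient-123", "practice-A", ts="2025-01-01T09:01:00+00:00")
    log.record("u2", "config.write", "retention_policy", "practice-A", ts="2025-01-01T09:05:00+00:00")
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print(log.verify())                      # (True, 3)
    log.entries[1]["target"] = "patient-999" # tamper with an interior entry
    print(log.verify())                      # (False, 1)
```

Caveat a reviewer will raise: a chain detects edits and deletions in the middle of the log, but truncating the tail (dropping the newest entries) leaves a chain that still verifies. Catching that requires anchoring `head()` periodically outside the system that writes the log, for example in write-once storage or a signed daily digest.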
Automatic Backups
Continuous database replication with point-in-time recovery. Daily snapshots retained for 90 days across multiple regions.
SOC 2 Infrastructure
Hosted on AWS, whose infrastructure holds SOC 2 reports, ISO 27001 certification, and FedRAMP authorization. US-based data centers with no offshore processing.
99.9% Uptime SLA
Redundant, multi-availability-zone architecture. Real-time monitoring, automatic failover, and a public status page.
Incident Response
24/7 security monitoring with automated alerting. Defined incident response procedure with < 1 hour initial response time on critical issues.
Secure Integrations
OAuth 2.0 for all PMS/EHR integrations. No practice passwords are stored; access uses scoped tokens that are rotated automatically.
Secure Development
Code reviews, static analysis (SAST), dependency scanning, and penetration testing on every release. No code ships without security review.
Data Retention Controls
Configurable data retention policies per practice. Automatic purging of call recordings, transcripts, and PHI according to your schedule.
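A retention sweep has two failure modes a practitioner cares about: purging something a practice configured to keep, and purging something that must be preserved regardless of schedule. The block below is an added example, not FrontDesk's code; the record types, the default periods, the per-practice override shape and the legal-hold set are assumptions made for illustration.

```python
from datetime import date

# Added illustration (not FrontDesk code): a retention sweep that merges per-practice overrides
# onto defaults, never purges a record under legal hold, and reports what it would delete so the
# decision can be recorded in the audit trail before anything is removed.

# Hypothetical default retention in days per record type; None means keep until explicitly deleted.
DEFAULT_POLICY = {"call_recording": 90, "transcript": 365, "phi_record": None}

def effective_policy(practice_id, overrides):
    """Merge a practice's overrides (which may be partial) onto the defaults."""
    return {**DEFAULT_POLICY, **overrides.get(practice_id, {})}

def due_for_purge(records, overrides, today, legal_holds=frozenset()):
    """Return ids of records older than their practice's retention period for that type.

    records: dicts with id, practice_id, type, created (a date).
    Record types with no policy entry are never purged (fail closed).
    """
    due = []
    for r in records:
        if r["id"] in legal_holds:
            continue
        days = effective_policy(r["practice_id"], overrides).get(r["type"])
        if days is None:
            continue
        if (today - r["created"]).days > days:
            due.append(r["id"])
    return due

# Constructed sample data for a stand-alone run.
TODAY = date(2025, 6, 1)
OVERRIDES = {"practice-B": {"call_recording": 365}}   # practice-B keeps recordings a year
HOLDS = frozenset({"rec-5"})                           # rec-5 is under legal hold
SAMPLE = [
    {"id": "rec-1", "practice_id": "practice-A", "type": "call_recording", "created": date(2025, 1, 1)},
    {"id": "rec-2", "practice_id": "practice-A", "type": "transcript",     "created": date(2025, 1, 1)},
    {"id": "rec-3", "practice_id": "practice-B", "type": "call_recording", "created": date(2025, 1, 1)},
    {"id": "rec-4", "practice_id": "practice-A", "type": "phi_record",     "created": date(2020, 1, 1)},
    {"id": "rec-5", "practice_id": "practice-A", "type": "call_recording", "created": date(2024, 1, 1)},
    {"id": "rec-6", "practice_id": "practice-A", "type": "voicemail",      "created": date(2020, 1, 1)},
]

def sweep():
    return due_for_purge(SAMPLE, OVERRIDES, TODAY, HOLDS)

if __name__ == "__main__":
    print(sweep())   # ['rec-1']
```

The sweep returns ids rather than deleting in place so the caller can log each purge decision (who configured the policy, which records matched) before issuing the delete, and so a dry run is the same code path as the real one.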
Our Security Journey
Security and compliance are ongoing commitments, not one-time checkboxes.
HIPAA compliance program established; first BAAs signed.
SOC 2 Type I audit completed with zero exceptions.
SOC 2 Type II audit completed. Penetration test by third-party firm.
SSO/SAML support launched. Role-based access controls expanded.
End-to-end voice encryption (SRTP) deployed. Data residency options added.
Security FAQ
Common questions from compliance teams and practice administrators.
Ready to See Our Security in Action?
Schedule a security-focused demo or request our SOC 2 report.
Setup in 10 minutes. Cancel anytime.