Our commitment to protecting your practice data
All data encrypted at rest (AES-256) and in transit (TLS 1.3)
Full HIPAA Security Rule compliance with signed BAA for all customers
Role-based access, MFA support, and per-session audit logging
Hosted on enterprise-grade cloud infrastructure (Supabase / Azure)
All Protected Health Information (PHI) and practice data is encrypted at rest using AES-256. All data in transit is protected with TLS 1.3. Database backups are encrypted using the same standards.
PracticeIQ360 supports multi-factor authentication (MFA) for all staff accounts. Access to PHI is role-based and logged with full audit trails. Inactive sessions are automatically terminated after 30 minutes.
Our platform is hosted on Supabase (PostgreSQL) and Azure-backed infrastructure. We do not operate our own physical data centers, eliminating a significant class of physical security risk. Microsoft Azure maintains extensive compliance certifications covering the underlying infrastructure.
We perform regular dependency audits and apply security patches on a continuous basis. Critical vulnerabilities are addressed within 24 hours of discovery.
PracticeIQ360 maintains a documented incident response plan. In the event of a breach affecting PHI, affected customers are notified within 60 days as required by HIPAA. Our HITECH breach notification procedures are available upon request.
We welcome security researchers to responsibly disclose vulnerabilities. Please report security issues to security@practiceiq360.com. We commit to acknowledging reports within 48 hours.
Contact our security team at security@practiceiq360.com.