Safeguarding your information

Protecting your privacy is our top priority


For Partners

Hello Heart is committed to complying with HIPAA and our contractual obligations to protect the sensitive information our partners entrust to us. We will be using data you provide to check eligibility, conduct enrollment outreach activities, and facilitate billing. We maintain HITRUST and SOC2 certifications so that, as our partner, you can be confident that your data is in good hands.
For Participants

For Participants

We ensure that we safeguard your protected health information (PHI) according to the requirements of HIPAA and industry best practices. Take a look at our Privacy Policy for details about what information we collect and how we use it to serve you.
we are certified
We are certified

At Hello Heart, we’re committed to protecting your data, and have earned the HITRUST & SOC 2 Type 2 Certifications



All data is stored within the U.S. and encrypted using industry best practices while in transit and at rest.
Enterprise Ready


The nation’s largest organizations trust Hello Heart because of our compliance standards across security, availability, integrity, and confidentiality.
Enterprise Ready


Independent auditors conduct annual compliance and security tests and confirm that we adhere to industry-leading standards for encryption, network management, application security, and policies across our organization.

Compliance and Certifications

Designed to be HIPAA-Compliant1
Designed to be NIST CSF Compliant2
SOC 2 Type 2 Certified
  1. HIPAA Compliance is adherence to the physical, administrative, and technical safeguards outlined in HIPAA, which covered entities and business associates must uphold to protect the integrity of Protected Health Information (PHI).

  2. The NIST Cybersecurity Framework Core is essentially a set of cybersecurity activities, desired outcomes, and applicable references that are common across government and industry. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across an organization from the executive level to the implementation/operations level, from one organization to another, and from one industry to another.