We take security very, very seriously.

Protecting your privacy is our top priority.

Handshake Icon

For Partners

Hello Heart is a HIPAA-covered entity when delivering our solutions to the participants. We are also the Business Associate of our partners. We will be using data you provide to check eligibility and conduct enrollment outreach activities. As the partner, you will always retain ownership of all data that you share with us, and we will protect it in accordance with our customer agreement and BAA.

People Icon

For Participants

We ensure that we safeguard your protected health information (PHI) according to the requirements of HIPAA and industry best practices. Take a look at our Privacy Policy for details about what information we collect and how we use it to serve you.

Lock Icon

At Hello Heart, we’re committed to protecting your data, and have earned HITRUST Certification status.

Checkmark

Secure

All data is stored and accessed within the U.S., and every Hello Heart employee working with PHI data is based in the U.S.

Checkmark

Enterprise-Ready

The nation’s largest organizations trust Hello Heart because of our compliance standards across security, availability, integrity, and confidentiality.

Checkmark

Validated

Independent auditors conduct annual compliance and security tests and confirm that we adhere to industry-leading standards for encryption, network management, application security, and policies across our organization.  

We’re HIPAA-Compliant1

We’re HITRUST CSF Certified

We’re NIST CSF Compliant2

  1. HIPAA Compliance is adherence to the physical, administrative, and technical safeguards outlined in HIPAA, which covered entities and business associates must uphold to protect the integrity of Protected Health Information (PHI).
  2. The NIST Cybersecurity Framework Core is essentially a set of cybersecurity activities, desired outcomes, and applicable references that are common across government and industry. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across an organization from the executive level to the implementation/operations level, from one organization to another, and from one industry to another.