We take security very,
very seriously

Safeguarding your information

Protecting your privacy is our top priority


For Partners

Hello Heart is a HIPAA-covered entity when delivering our solutions to the participants. We are also the Business Associate of our partners. We will be using data you provide to check eligibility and conduct enrollment outreach activities. As the partner, you will always retain ownership of all data that you share with us, and we will protect it in accordance with our customer agreement and BAA.

For Participants

For Participants

We ensure that we safeguard your protected health information (PHI) according to the requirements of HIPAA and industry best practices. Take a look at our Privacy Policy for details about what information we collect and how we use it to serve you.

we are certified
We are certified

At Hello Heart, we’re committed to protecting your data, and have earned the HITRUST & SOC 2 Type 2 Certifications



All data is stored and accessed within the U.S., and every Hello Heart employee working with PHI data is based in the U.S.
Enterprise Ready


The nation’s largest organizations trust Hello Heart because of our compliance standards across security, availability, integrity, and confidentiality.


Independent auditors conduct annual compliance and security tests and confirm that we adhere to industry-leading standards for encryption, network management, application security, and policies across our organization.

Compliance and Certifications

NIST CSF Compliant
SOC 2 Type 2 Certified
  1. HIPAA Compliance is adherence to the physical, administrative, and technical safeguards outlined in HIPAA, which covered entities and business associates must uphold to protect the integrity of Protected Health Information (PHI).

  2. The NIST Cybersecurity Framework Core is essentially a set of cybersecurity activities, desired outcomes, and applicable references that are common across government and industry. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across an organization from the executive level to the implementation/operations level, from one organization to another, and from one industry to another.