Carepatron meets a wide range of global compliance standards to ensure your data is secure and your practice stays protected. Our systems and practices have been reviewed and audited against regulations and frameworks, including HIPAA, GDPR, SOC 2, and other relevant standards.
HIPAA | The Health Insurance Portability and Accountability Act is a U.S. law that protects your clients’ health information. It sets rules for how patient data must be stored, accessed, and shared. |
GDPR | The General Data Protection Regulation is a European privacy law that gives individuals more control over their personal information. It requires organizations to be clear about how data is used and to protect it carefully. |
SOC 2 Type 1 | Systems and Organization Controls Type 1 evaluates whether security controls are properly designed at a specific point in time. This review confirms that Carepatron has the right systems and processes in place to protect sensitive data. |
SOC 2 Type 2 | Systems and Organization Controls Type 2 assesses how well security controls operate over time. It helps confirm that Carepatron consistently follows strong security practices in day-to-day operations. |
PHIPA | The Personal Health Information Protection Act protects personal health information in Ontario. It sets expectations for how health data must be collected, stored, and shared. |
PCI DSS | The Payment Card Industry Data Security Standard sets security requirements for handling credit card information. It is designed to reduce fraud and protect payment details. Carepatron meets these standards to ensure payments are processed securely. |
PIPEDA | The Personal Information Protection and Electronic Documents Act is a Canadian privacy law that governs how personal information is collected, used, and disclosed. It focuses on responsibility and transparency. |
NZ Privacy Act 2020 | The Privacy Act 2020 protects personal information in New Zealand and sets rules for how it must be handled. |
Quebec Law 25 | Quebec Law 25 strengthens privacy protections for individuals in Quebec. It adds stricter requirements around data handling and accountability. |
PDPA | The Personal Data Protection Act sets standards for how organizations in Singapore must handle personal information. It focuses on responsible use and transparency. |
Cyber Essentials | Cyber Essentials is a United Kingdom government-backed program focused on protecting against common cyber threats. It confirms that essential security controls are in place to reduce risk. |
TX-RAMP | The Texas Risk and Authorization Management Program sets security standards for cloud services used by Texas state agencies. Meeting these standards helps ensure sensitive data is handled securely. |
CASA Tier 2 | The Cybersecurity Maturity Assessment for Australia (CASA Tier 2) government standards ensure secure handling of sensitive data. |
OAIC – The Privacy Act 1988 | Office of the Australian Information Commissioner - Australia’s Privacy Act 1988 governs how personal information is collected, used, and disclosed. |
For formal documentation, audit reports, and verification of security and compliance practices, please visit the Trust Center. The Carepatron Trust Center is the authoritative source for all official reports, certifications, and proof of adherence to security standards.
Our team will be available to answer any further questions you may have. Just reply via messenger through the Help channel in your workspace.

