security & compliance

Protecting our customers’ sensitive data is paramount to enabling their success on our platform. Cured is dedicated to achieving the highest security credentials in healthcare and technology.

Cured’s platform is HIPAA eligible and able to compliantly manage protected health information (PHI). This is supported by HITRUST certification and SOC 2 Type 2 attestation. Our compliance and security policies and processes are reviewed on an ongoing basis, both internally and externally, to ensure continued effectiveness.

What this means for our customers

We strive to give customers the peace of mind that patient, member, and customer data is protected while ensuring personalized digital engagement is happening safely and securely. Our commitment to security and compliance enables you to maintain your reputation, protect customers, and stay ahead of the competition.

Trust is a core pillar of our platform, putting us at the forefront of digital marketing and CRM tools built for healthcare. We will continue to deliver on our mission to bring care full circle while ensuring you and your patients are protected.

Guarding protected health information (PHI) by:

  • Encrypting data at rest using Advanced Encryption Standard (AES)
  • Enforcing transport layer security (TLS), known as in-flight encryption, for authenticating and protecting outgoing communications
  • De-identifying PHI for analytics and modeling
  • Providing security training for all personnel, with additional training for the specifically designated employees who have access to customer data
  • Maintaining audit trails to analyze and detect suspicious activity
  • Isolating data and credentials per customer, with multi-factor authentication required for access

HITRUST vs. HIPAA vs. BAA

These compliance acronyms may sound the same, but essential distinctions exist. The Health Insurance Portability and Accountability Act (HIPAA) details compliance standards, while the Health Information Trust Alliance (HITRUST) is a workable framework and organization that helps you achieve compliance. At Cured, we follow the highest standards and ensure we are HITRUST-compliant and HIPAA-eligible.

Several vendors claim HIPAA eligibility. However, it is important to note that no single third party verifies HIPAA compliance. Companies self-identify HIPAA eligibility, meaning you must take their word for it. Their ability to sign a Business Associate Agreement (BAA) with you does not necessarily mean they allow you to store, manage, or use PHI in their platforms. HITRUST certification allows Cured to confidently store PHI and enable our customers to use it appropriately for their needs.

Our certifications

Cured’s platform is HITRUST certified. This certification verifies our compliance with the most rigorous healthcare security standards. 

HITRUST is a third-party organization that delivers data protection standards and certification programs to help organizations safeguard sensitive information, manage information risk, and reach compliance goals. HITRUST is a healthcare-specific certification that verifies a company uses the strictest requirements when handling high-risk data.

Cured adheres to the Health Insurance Portability and Accountability Act (HIPAA) to provide secure communication and storage of patient data. 

HIPAA sets standards for patient data and protecting PHI. The HIPAA privacy and security rules are national regulations for the use, disclosure, and protection of PHI. These regulations establish safeguards for compliance and technical requirements. 

Cured will enter into business associate agreements (BAAs) with relevant partners and customers to ensure HIPAA requirements are satisfied and create liability between parties.

Cured is SOC 2 Type 1 and Type 2 certified. This certification ensures service providers securely manage your data to protect your organization's interests and its clients' privacy.

SOC 2 compliance is a component of the American Institute of Certified Public Accountants (AICPA)’s Service Organization Control reporting platform. These certifications ensure systems are set up for security, availability, processing integrity, confidentiality, and customer data privacy. SOC 2 is a technical audit that requires comprehensive information security policies and procedures to be written and followed.