Overview of Ebility’s Security Practices

At Ebility, we take security seriously. As a company founded by physicians, we know first-hand how critical it is to handle PHI and PII properly. In fact, the need for user-friendly, customized, and affordable data security and protection of PHI was a major inspiration for developing Ebility and remains a core aspect of our mission. We are actively pursuing SOC 2 Type II Certification to demonstrate our commitment to protecting the privacy and security of your data, your patients’ data, and that of your organization. We incorporate the administrative, technical, and physical safeguards recognized as best practices for protecting the confidentiality, integrity, availability, and privacy of your data. Please email us at security@ebility.io with any questions.

Our Security Practices Include the Following:

Strong Data Encryption: 

We follow best practices for your data. Your data is always encrypted, both at rest and during transmission. Our services are cloud-based, eliminating many of the risks that paper-based handling of PHI entails. Our security engineers utilize industry best practices and protocols so your data is protected.

Testing

Ebility security engineers and programmers create products with security and privacy in mind. They perform rigorous testing and retesting, looking for vulnerabilities. Tools and processes are in place to monitor for a multitude of potential threats. Additionally, frequent risk assessments help identify additional potential areas of improvement for privacy and security.

Access Controls:

We take great care to ensure that your data is seen only by those who need to see it. Our customers are required to utilize 2-factor authentication and single sign-on to enter data. Our employees and developers must utilize even more stringent multi-factor authentication. We employ strong cryptographic controls, regular access reviews, and signed BAAs, and we configure our infrastructure according to industry best practices to limit unauthorized access to your data.

Employee Expectations and Training:

Before our employees begin working at our company, they must pass rigorous background checks and complete privacy and security training, both of which are repeated at least annually. We strive to create a culture in which protection of sensitive information is a core component of every interaction we have with your data. We require employees to acknowledge and abide by our information privacy and security policies.

Company Culture

Ebility employees receive education and support to ensure best practices are followed with regard to the privacy and security of data. We encourage open communication and have multiple channels for reporting concerns so they can be immediately addressed. Before beginning other work tasks, every employee must sign confidentiality agreements as well as code of conduct documents that outline expectations for ethical and safe behavior.

External Audits

Ebility is currently undergoing a rigorous SOC 2 Type II audit to prove our commitment to data privacy and security. 

Privacy 

Please view our Privacy Policy which details how we collect and use data. 

Incident Response

At Ebility, we prepare for privacy and security incidents as a team so that we have plans and procedures in place should a privacy or security event occur. We recognize the need to promptly report any issues of concern to eliminate or minimize and mitigate risks.

In short, we are here to protect your most sensitive data. Please email us at security@ebility.io with any questions.