Data Security

Built to protect sensitive care and claims data

Behavioral-health information and workers' compensation data deserve serious protection. CareHub Therapy applies layered, enterprise-grade safeguards across the entire solution.

Security at every layer

End-to-End Encryption

Strong encryption (AES-256 at rest, TLS 1.3 in transit) protects information across the platform.

Multi-Factor Authentication

MFA is required for accounts, with support for authenticator apps and other verification methods.

Continuous Monitoring

24/7 monitoring with threat detection and a defined, automated incident-response process.

Secure Infrastructure

Reputable, certified cloud infrastructure with redundancy and disaster-recovery capabilities.

Access Controls

Role-based access with least-privilege principles and regular access reviews.

Incident Response

A comprehensive plan with defined procedures for security events and breaches.

Data Encryption

Information is protected with industry-standard encryption throughout its lifecycle:

AES-256 encryption for data at rest with managed key services
TLS 1.3 encryption for data in transit
Database-level encryption with separate key management
Encrypted, geographically distributed backups

Infrastructure Security

Our cloud infrastructure is built on security-first principles:

Reputable, independently audited cloud providers
Network segmentation and a web application firewall
DDoS protection and intrusion detection
Regular vulnerability scanning and penetration testing
Automated security patching and updates

Access Management

Layered access controls guard against unauthorized access:

Role-based access control with fine-grained permissions
Multi-factor authentication required for all accounts
Single sign-on integration with enterprise identity providers
Regular access reviews and prompt deprovisioning
Session management with automatic timeouts

Monitoring & Incident Response

We maintain ongoing monitoring with a rapid, structured response:

Centralized security event monitoring and analysis
Threat detection and behavioral analysis
Defined incident-response and escalation procedures
Comprehensive audit logging and retention

Compliance & Certifications

CareHub Therapy aligns its program with recognized healthcare and security standards:

Business Associate Agreements for protected health information
SOC 2-aligned controls with independent assessments
Security practices informed by ISO 27001 standards
Alignment with applicable state data-protection requirements
Periodic third-party security assessments

People & Practices

Security extends to how our team works:

Background checks for personnel with data access
Regular security-awareness training
Signed confidentiality and security agreements
A secure development lifecycle with code review and testing
Least-privilege access for all systems

Reporting a security concern

If you believe you've found a vulnerability or have a security concern, please reach out through our contact page. We follow responsible-disclosure practices and respond promptly to security reports.

This overview describes the security practices CareHub Therapy works to maintain and is provided for general informational purposes. Specific certifications, audit reports, and contractual security commitments are available to qualified partners under appropriate agreements.