Summary

Brellium is HIPAA and SOC 2 compliant. Data is encrypted in transit and at rest. Your data is stored in the cloud, in the USA.

Flow of Data

  1. Brellium makes an API call to the EMR via HTTPS
  2. EMR returns clinical note contents
  3. Note written to secure Brellium S3 bucket and encrypted
  4. Audit completed in Brellium’s secure AWS/Azure environment
  5. Audit results written to Brellium’s secure database powered by AWS RDS
  6. Audit results encrypted

FAQ

Is Brellium HIPAA/SOC 2 compliant?

Yes. Brellium is HIPAA compliant and has completed SOC 2 Type I and Type II with Secureframe and the Johanson Group. Reports are available upon request.

Is data encrypted in transit and at rest?

Yes. API requests are made via encrypted HTTPS. Data is encrypted at rest in a secure AWS S3 bucket.

How is my data stored?

All data is stored in a cloud-based, secure, encrypted AWS S3 bucket in an AWS datacenter in Ohio. We have no on-premises or overseas datacenter infrastructure.

Is my data mixed in with Brellium’s other customers?