Security Policy

Protecting your health information with enterprise-grade security

Last updated: August 17, 2025

At Neuvora, we are committed to maintaining the highest standards of security and privacy for all healthcare information. This security policy outlines our comprehensive approach to protecting patient data, ensuring compliance with healthcare regulations, and maintaining the trust our patients and healthcare providers place in our platform.

Our security framework is designed around the principles of confidentiality, integrity, and availability, ensuring that healthcare information is protected against unauthorized access, modification, or disclosure while remaining accessible to authorized users when needed.

1. Data Protection & Privacy

All patient health information (PHI) maintained within the Neuvora platform is protected in strict accordance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state privacy regulations. We implement industry-standard encryption protocols, including Transport Layer Security (TLS 1.3) for data in transit and Advanced Encryption Standard (AES-256) for data at rest.

Access to patient data is restricted using role-based access controls (RBAC), ensuring that only authorized healthcare providers directly involved in patient care can access relevant health information. Our data retention policies ensure that information is maintained only as long as legally required for patient care and regulatory compliance.

All data is backed up regularly to secure, encrypted storage systems with geographic redundancy to ensure data availability and disaster recovery capabilities.

2. Access Control & Authentication

Neuvora requires multi-factor authentication (MFA) for all user accounts accessing the platform. This adds an essential layer of security beyond traditional username and password combinations. We support both SMS-based and email-based authentication methods to accommodate different user preferences and organizational requirements.

Our role-based access control system ensures that users can only access information necessary for their specific job functions. Administrative staff regularly review user access permissions, and accounts are automatically disabled after periods of inactivity. Strong password requirements are enforced, including minimum length, complexity requirements, and periodic password updates.

All user sessions include automatic timeout features and secure logout procedures to prevent unauthorized access from unattended devices.

3. Infrastructure Security & Monitoring

Our platform is hosted on Amazon Web Services (AWS), leveraging enterprise-grade cloud infrastructure with built-in security monitoring and threat detection capabilities. AWS CloudTrail provides comprehensive audit logging of all system access and data modifications, creating an immutable record of all activities within our systems.

We use AWS Security Hub and Amazon GuardDuty for automated security monitoring and threat detection; these services continuously analyze system behavior to identify potential security threats and unauthorized activities. Automated alert systems notify our technical team immediately of any suspicious activities or potential security incidents.

Regular security assessments are conducted to identify potential vulnerabilities, and we maintain detailed audit logs that are available for compliance reviews and security investigations.

4. Compliance & Regulatory Adherence

Neuvora maintains compliance with the Health Insurance Portability and Accountability Act (HIPAA), including both the Privacy Rule and Security Rule requirements. Our platform undergoes regular compliance assessments to ensure continued adherence to all applicable healthcare data protection laws.

We follow industry best practices based on the NIST Cybersecurity Framework and implement security controls appropriate for healthcare technology systems. Our compliance program includes regular staff training on privacy and security requirements, ensuring that all team members understand their responsibilities in protecting patient information.

Documentation of our security controls and compliance measures is maintained and updated regularly to support audit requirements and demonstrate our commitment to regulatory compliance.

5. User Responsibilities

All users of the Neuvora platform have important responsibilities in maintaining the security of patient information. Users must maintain the confidentiality of their login credentials and never share account access with others. Any suspected security incidents or unauthorized access must be reported immediately to our technical support team.

Users are required to comply with their organization's policies regarding device usage and data handling. This includes using only approved devices and software when accessing patient information, and properly securing any printed materials containing patient data.

Regular security awareness training helps ensure that all users understand current threats and best practices for protecting sensitive healthcare information.

6. Incident Response

Neuvora maintains documented incident response procedures to address potential security threats and breaches. Our technical team is equipped to respond quickly to security incidents during business hours, with escalation procedures for after-hours emergencies.

AWS's automated threat detection capabilities provide immediate alerts for suspicious activities, enabling rapid response to potential security incidents. When necessary, we coordinate with law enforcement and regulatory bodies to ensure appropriate handling of security matters.

Post-incident analysis is conducted for all security events to identify opportunities for improvement and implement additional safeguards to prevent similar incidents in the future.

7. Business Continuity & Data Recovery

Our platform utilizes AWS's reliable infrastructure to ensure high availability and business continuity. Automated backup systems create regular copies of all critical data, stored in geographically distributed locations to protect against localized disasters or system failures.

Disaster recovery procedures are tested regularly to ensure rapid restoration of services in the event of system outages. AWS's built-in redundancy and failover capabilities help minimize service disruptions and maintain system availability for healthcare providers and patients.

Emergency communication procedures ensure that stakeholders are notified promptly of any service disruptions and provided with regular updates during recovery efforts.

8. Security Updates & Maintenance

Neuvora maintains a proactive approach to security updates and system maintenance. Security patches and system updates are applied regularly, prioritized based on risk assessment and potential impact on patient data security.

All new features and integrations undergo security testing before deployment to production systems. We regularly review our security architecture to identify opportunities for improvement and ensure that our defenses evolve with the changing threat landscape.

Third-party integrations and vendor relationships are subject to security assessments to ensure that all components of our system maintain appropriate security standards.

Security Contact Information

If you have questions about our security practices or need to report a security concern, please contact our technical support team:

Technical Support & Security

Email: [email protected]

Business Hours: Monday - Friday, 8:00 AM - 6:00 PM EST

For urgent security incidents outside business hours, please email with "URGENT SECURITY" in the subject line for priority handling.

Compliance Officer

For privacy and compliance-related inquiries, including HIPAA matters, please contact our designated compliance officer at [email protected]

© 2025 Neuvora. All rights reserved. This security policy is subject to updates.