HIPAA-compliant architecture · BAA with every facility

Enterprise-grade security built for healthcare.

Your residents’ data deserves the highest level of protection. CareBridge Connect is built on HIPAA-compliant architecture, hosted on SOC 2 Type II-certified infrastructure providers, with end-to-end encryption.

Certifications & Standards

We meet and exceed the security standards required by healthcare organizations and regulatory bodies.

HIPAA-Compliant Architecture

Built to the HIPAA Privacy, Security, and Breach Notification Rules. A BAA is executed with every facility before any PHI is processed through the platform.

SOC 2-Audited Infrastructure

Hosted on infrastructure providers (Supabase, Vercel) that maintain SOC 2 Type II certification. Our own SOC 2 Type II audit is on the roadmap.

AES-256 Encryption at Rest

All data at rest is encrypted using AES-256, the same standard used by financial institutions and government agencies.

TLS 1.3 in Transit

All data transmitted between your devices and our servers is protected with TLS 1.3, the latest transport security protocol.

Infrastructure Partners

We partner with industry-leading infrastructure providers that maintain the highest levels of security certification.

Supabase

SOC 2 Type II, HIPAA-eligible

Database and authentication infrastructure with row-level security, encrypted backups, and HIPAA-eligible configuration.

Vercel

SOC 2 Type II

Application hosting with global CDN, DDoS protection, and automatic TLS (SSL) certificate management.

Resend

GDPR Compliant

Transactional email delivery for care notifications with high deliverability and data processing agreements.

Data Protection

  • PHI never leaves US infrastructure
  • Encryption at rest (AES-256)
  • Encryption in transit (TLS 1.3)
  • Row-level security — each facility's data is isolated
  • 99.9% uptime SLA

Access Controls

  • Role-based access: Admin, Staff, Primary Family, Family
  • Audit logging on all PHI access events
  • Session management with automatic timeout
  • Multi-factor authentication support

Compliance

We maintain rigorous compliance standards to ensure your facility meets all regulatory requirements.

  • HIPAA Business Associate Agreement (BAA) executed with every facility before any PHI is processed
  • CMS data retention standards — 7-year audit log retention
  • Regular security reviews and vulnerability assessments
  • Incident response and breach-notification timelines defined in the BAA and applicable law
  • Patient/family authorization workflows for every PHI disclosure

Questions about security?

Our security team is available to discuss your compliance requirements, review our security documentation, or schedule a security assessment call.

Contact Security Team

security@carebridgeconnect.ai