Security at Pharos

Our Commitment

At Pharos Health, we believe protecting customer and patient data is central to our product and mission as a company. We recognize the critical importance of safeguarding sensitive health information and are committed to maintaining the highest standards of information security and compliance. Our comprehensive security program ensures that our hospital partners can trust us with their valuable data while we help them streamline their clinical registry abstraction processes.

Multi-Layered Security Approach

Our multi-layered security approach addresses potential threats across all levels of our infrastructure and operations. We employ robust data encryption for both data in transit and at rest, implement strict access controls with role-based permissions, maintain comprehensive audit logging, and enforce secure two-factor authentication for all user access. Our network infrastructure is designed with multiple safeguards to protect against unauthorized access and cyber threats, including firewalls, network segmentation, and intrusion detection systems.

Compliance and Certifications

Pharos is fully HIPAA compliant and currently undergoing SOC2 Type 2 audit certification, demonstrating our commitment to meeting industry-standard security and compliance requirements. We establish Business Associate Agreements (BAAs) with all vendors and subcontractors who process protected health information (PHI) on our behalf, ensuring compliance with HIPAA regulations and outlining each party's responsibilities for data protection.

Secure Development Practices

Our team follows secure coding practices throughout the software development lifecycle, with code reviews, automated testing, and vulnerability scanning to identify and mitigate potential security issues. All Pharos employees receive comprehensive security awareness training covering critical topics such as PHI handling, phishing awareness, password security, and social engineering to ensure a security-conscious culture throughout our organization.

Incident Response

We maintain a robust incident response system with 24/7 on-call coverage to handle security incidents effectively and promptly. Our comprehensive procedures include thorough root cause analysis, and continuous improvement processes to strengthen our security posture over time.

Request Security Whitepaper

Interested in learning more about our security measures? Request our detailed security whitepaper that outlines our security controls, compliance framework, and data protection practices.