Security Overview
At OrthoHuddle, the security of patient data, care team professional information and clinical workflows is a top priority. We're committed to applying industry-leading practices, transparent processes and continuous improvement to earn and maintain your trust.
All communications are encrypted in transit using TLS 1.2 or higher with strong authentication and session management.
Envelope encryption (AES-256-GCM) for all sensitive data with secure infrastructure hosted in compliant facilities.
Least privilege principles, role-based access control, and multi-factor authentication for high-privilege accounts.
VPNs, VPCs, firewalls, and intrusion detection systems to isolate sensitive workloads and minimize attack surface.
Comprehensive audit logs, SIEM integration, and formal incident response procedures.
Regular scanning, annual penetration testing, and systematic patching of all systems.
Secure backups with geographic separation, retention policies, and verified deletion protocols.
Aligned with ISO 27001, ISO 27701, SOC 2, and Australian Privacy Act requirements.
Rigorous vendor evaluation, Data Processing Agreements, and ongoing monitoring of the supply chain.
Clear process for security researchers to report vulnerabilities responsibly.
Answers to common questions about data storage, access, breaches, and deletion requests.
Our ongoing commitment to training, process improvement, and staying ahead of threats.
Have questions about security?
If you have any questions about security at OrthoHuddle, or wish for a deeper dive into any element of our controls, please don't hesitate to reach out.
Contact our security team