ENTER's Revenue Cycle Management platform and APIs ensure maximum compliance with security and compliance. ENTER is SOC 2 Type 2 certified.
Our adherence to the strictest security frameworks means peace of mind for both you and your patients.
We have been SOC 2 Type 2 certified since Aug 15, 2022
We are HIPAA compliant and signing a BAA will ensure even stronger data controls.
100% of data stored at rest is encrypted using the latest encryption standards and products.
We have some of the strongest privacy policies in the game. Please review them here.
We engineer our product with your security needs in mind, both its features and the processes we use to make them.
ENTER ensures users can configure roles for each organization they may need to manage, including full access, read and write, and read-only for their users.
ENTER ensures users can configure roles for each organization they may need to manage, including full access, read and write, and read-only for their users.
ENTER ensures users can configure roles for each organization they may need to manage, including full access, read and write, and read-only for their users.
We employ continuous vulnerability and penetration testing both in-house and outsourced.
Our software development lifecycles include linting, unit tests, integration tests, static analysis, and known vulnerability scans.
Passwords are one-way hashed and sensitive keys are encrypted using Amazon KMS.
Security doesn't start or end with us. That's why we follow strict protocols when working with 3rd parties.
ENTER hosts our application using data centers provided by Amazon Web Services and have many monitoring features enabled to ensure availability and security.
Enter ensures all data that we handle is encrypted while in transit (allowing only TLS 1.2+ cipher-suites)
100% of data stored at rest is encrypted using the latest encryption standards and products.
All IAM and user credentials are scoped to only what is necessary to get the job done for that role.
Production and sandbox accounts are provisioned within their own network segmented zones.
We don't store data on-premise
Beyond the smartest frameworks, what makes the difference is working with a team that takes security seriously.
All employees and contractors are trained at least annually on latest data security issues as well as HIPAA compliance.
All employee and contractor devices deploy with leading endpoint protection.
All access granted is continuously reviewed with least privilege philosophy being employed.
All internal resources must be access via a Virtual Private Network which requires two factor authentication.