Last Modified: July 26, 2023

 

PlanAllies is committed to meeting and exceeding HIPAA data privacy and security requirements. Our Information Security Management Program (ISMP) is a comprehensive set of policies, procedures and technical controls that drives secure practices into all aspects of our business, including recruiting, vetting, training, operating, and auditing our secure platform.  We leverage industry best practices for addressing HIPAA requirements, and we work with third-party auditors to regularly obtain SOC 2 Type II reports validating our security posture. 

​

Data Security

PlanAllies encrypts data that is at rest and in transit for all of our partners. We use tools such as Amazon Web Service’s Key Management System (KMS) to manage encryption keys using hardware security modules for maximum security in line with industry best practices. 

​

Application Security

PlanAllies utilizes some of the industry’s best application security experts for third-party penetration tests. By performing penetration tests, we are able to evaluate the source code, running application, and the deployed environment. PlanAllies uses high-quality static analysis tooling provided by GitHub Advanced Security to secure our product at every step of the development process. 

​

Infrastructure Security

PlanAllies uses Amazon Web Services to host our applications. 

PlanAllies utilizes Vanta as a monitoring tool for security of data, people, devices and vulnerabilities.