eSupport Health values the trust you place in us to safeguard your data. We take our responsibility to protect information seriously and strive for complete transparency around our security practices, detailed below. Please also view the Privacy Policy that further details how we handle data.

Physical Security

Our technical infrastructure is hosted in world-class data centers at Amazon Web Services (AWS) and Google, which has achieved regulatory compliance and certification in over a dozen of the highest standards including HIPAA, ISO 27001, SOC Type 1 & 2, and HITRUST CSF.  Physical security controls include 24×7 monitoring, video surveillance, and biometric entry in multi-layered facilities.  For more information about the fortification of AWS by design please visit AWS data center security. Google Data and Security information is also available.


eSupport Health has achieved HIPAA compliance and can therefore accept or process Protected Health Information (PHI) securely in accordance with these standards. eSupport Health re-certifies this compliance annually.

eSupport Health is compliant with the Payment Card Industry’s Data Security Standards (PCI DSS 3.2) and can therefore accept or process credit card information securely in accordance with these standards. eSupport Health re-certifies this compliance annually.

Access Control

Access to eSupport Health’s technology resources is allowed only through secure channels (e.g., VPN/SSH) and requires multi-factor authentication.  Permissions are provided on a “need-to-know” and “least privilege” basis using an Identity and Access Management system (IAM), with permissions reviewed quarterly.

Security Policies

eSupport Health reviews its information security policies on an annual basis. Employees must acknowledge policies annually and undergo additional training such as HIPAA training, PCI, or other skills and development training as necessary to adhere to all applicable specifications and regulations.


We conduct background screening at the time of hire (to the extent permitted by law and applicable countries) and communicate eSupport Health’s information security policies to all personnel, who are required to sign non-disclosure agreements and receive ongoing security training.


eSupport Health technology solutions utilize encryption for data-in-transit and data-at-rest.  All outgoing e-mail messages and attachments will attempt to be sent using encryption automatically and our policy mandates that confidential information must only to be sent using encrypted channels.


Our development team employs secure coding techniques and best practices, focused around the OWASP Top Ten. Development, staging, and production environments are separated – with all changes requiring review and approval prior to being deployed.

Information Security Incident Management

eSupport Health maintains information security incident response policies and procedures covering the initial response, investigation (if necessary), and remediation. These policies are reviewed regularly and tested bi-annually.

Data Breach Notification

Our breach notification procedures are consistent with our obligations to applicable laws and standards. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.

Business Continuity

AWS & G Suite have guaranteed uptimes over 99.9% and 24/7 e-mail & phone support.

eSupport Health’s databases are backed up and verified regularly. Backups are encrypted and stored to preserve their confidentiality and integrity and are tested regularly to ensure availability.

Your Responsibilities

Keeping your information private and secure also requires that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also make sure that you have sufficient security on your own devices used to access our services.

Logging and Monitoring

Application and infrastructure systems log information are preserved in accordance with regulatory requirements. We will provide customers with reasonable assistance in the event of a security incident.