Security and HIPAA

Data security is one of our highest priorities. Eko maintains HIPAA compliant policies, procedures, and technical safeguards for patient and customer data.

Policies and procedures

Eko maintains industry recommended HIPAA compliant policies and procedures for securing patient data.


Eko uses HIPAA compliant and NIST recommended 256-bit AES encryption using managed keys for patient data. Encrypted backups are taken daily.


We conduct nightly backups and regularly test our backups to ensure data recoverability.

BAA agreements

Eko maintains BAA agreements with subcontractors and our hosting providers to ensure HIPAA compliance.

Secure facilities (SOC 2)

Eko is Service Organization Control 2 (SOC 2) certified to keep health system and patient data safe.

Security contact

To report security issues or concerns, please contact:

Was this article helpful?

Your feedback helps us improve our content

Related articles