
Security, HIPAA, and confidentiality at CurerTech

CurerTech is built for the security and confidentiality that behavioral health and addiction care demand. Patient data is protected with encryption, role-based access, and audit trails; we offer a signed business associate agreement (BAA); and the platform is built to support HIPAA and the heightened confidentiality these programs require.

The honest case for switching — including where we're newer than the incumbents.

Protecting data

How does CurerTech protect patient data?

Security is built into the platform, not added on — protecting protected health information (PHI) at every layer.

Encryption

Encrypted in transit and at rest

Patient data is encrypted as it moves and as it's stored, so it stays protected end to end.

Access

Role-based access

Staff see only what their role requires, on a least-privilege basis you control.

Accountability

Audit trails

Access and changes to the record are logged, so there's a clear trail of who did what.

Authentication

Strong sign-in controls

Authentication and session controls help keep accounts and records secure.

Resilience

Secure hosting & backups

The platform runs in secure, access-controlled infrastructure with regular backups.

No real PHI in demos

Fictitious sample data

Demos and screenshots use realistic but unmistakably fictitious data — never real patient records.

Compliance

Compliance and confidentiality

Behavioral health and addiction records carry stricter rules than general medicine. CurerTech is built for them.

HIPAA

HIPAA and a signed BAA

We share blended results from clinics on the platform today, rather than claims we can't stand behind.

Confidentiality

SUD record confidentiality

Consent management and access controls aligned with 42 CFR Part 2, the federal confidentiality rules that govern substance use disorder (SUD) records.

Consent

Consent and release tracking

Granular consent and release management, so information is shared only when and where it's permitted.

Certifications

Independently certified

CurerTech's security and health-IT practices are validated by independent, third-party certifications.

Security audit

SOC 2 Type II

An independent audit of our security controls over time, covering security, availability, and confidentiality.

Infosec standard

ISO/IEC 27001

Certified to the international standard for information security management systems.

Health IT

ONC Certified Health IT

Certified under the federal ONC Health IT Certification Program for electronic health record standards.

Security questions

Security and HIPAA, answered

What certifications does CurerTech hold?

CurerTech is SOC 2 Type II audited, ISO/IEC 27001 certified, and certified under the ONC Health IT Certification Program, alongside HIPAA alignment and a signed BAA.

Is CurerTech HIPAA compliant?

CurerTech is built for HIPAA compliance, with encryption, role-based access, and audit trails, and we offer a signed business associate agreement (BAA) to covered clinics.

Do you sign a business associate agreement (BAA)?

Yes. A signed BAA is available as part of working with CurerTech.

How is patient data encrypted?

Patient data is encrypted both in transit and at rest, so it stays protected as it moves between systems and while it's stored.

Who can access patient data?

Access is role-based and least-privilege — staff see only what their role requires — and every access is recorded in an audit trail.

How do you handle confidentiality for SUD records?

CurerTech is built to support the federal confidentiality rules that govern substance use disorder records, with consent management, release tracking, and access controls.

Get started

See how CurerTech protects your clinic's data.

Walk through security, access, and compliance with our team on your own workflows.
