Data Security Practices

Introduction

Contrast utilizes enterprise-grade security practices to protect our customers' sensitive health information. As a part of this process, we use Drata to continuously monitor our security, privacy, and HIPAA compliance controls.

What is Drata?

Drata is the world's most advanced security and compliance automation platform with the mission to help businesses earn and keep the trust of their users, customers, partners, and prospects. With Drata, Contrast streamlines SOC 2 and HIPAA compliance through continuous, automated control monitoring and evidence collection, resulting in a strong security posture, lower costs, and less time spent preparing for annual audits. For more information, visit drata.com.

HIPAA Compliance

HIPAA is a federal law that requires various standards to protect sensitive patient health information from being disclosed without a patient's consent or knowledge. With Drata, Contrast has real-time visibility across the organization to ensure the end-to-end security and compliance posture of our systems. Drata's rigorous, independent assessment of Contrast's compliance serves as validation of our team's commitment to protect your sensitive patient health information. We welcome all customers and prospects to contact us for additional information on our security practices, or for review of our compliance reports.

Contrast Security Practices

Continuous Security Monitoring: Contrast uses Drata's automation platform to continuously monitor 100+ internal security controls against the highest possible standards. Automated alerts and evidence collection allow Contrast to confidently prove its security and compliance posture any day of the year, while fostering a security-first mindset and culture of compliance across the organization.

Employee Trainings: Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.

Penetration Tests: Contrast works with industry-leading security firms to perform annual network and application layer penetration tests.

Secure Software Development: Contrast utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Data Encryption: Data is encrypted both in transit, using TLS, and at rest.

Vulnerability Disclosure Program: If you believe you’ve discovered a bug in Contrast’s security, please get in touch at hello@contrastai.com. Our security team promptly investigates all reported issues.
