Protecting your data means adapting to new risks and threats. Here’s how we do it.


CareClues has implemented a security program following the ISO 27001 framework to establish, implement, maintain and continually improve the information security management system within the context of the organization.


We comply with the rules and regulations of Title II of HIPAA, the Final Omnibus Rule, and HITECH that cover data privacy. CareClues protects PHI (protected health information) from people who shouldn’t have access to it and ensures that the people who should have access can reach it securely.


We partner with healthcare providers and industries, keeping security and data protection in mind. We work with them to better understand their impact on overall system security, and we do not hesitate to restrict higher levels of cyber risk.


We are committed to transparency. We will inform you of emerging threats as soon as we identify them, and be upfront about their potential impact and available strategies to mitigate or address vulnerabilities.

Go Inside Our Strategy


  • Our Chief Information Security Officer & security committee govern our information security program.
  • We conduct periodic risk analysis as part of our security management program.
  • We conduct periodic employee background checks.
  • All employees undergo mandatory security awareness training & evaluation.
  • Employees receive limited access to ePHI for performing assigned functions.

Our Organizational & Documentation Requirements


We conduct regular security audits for compliance with established security standards & policies.

We maintain a security violation management procedure covering data breaches, security incidents & stakeholder notification.

We adopt a risk-based approach to understand & evaluate vulnerabilities for implementing the most appropriate security controls & mitigating risks.

We review & update all policies & procedures periodically & in response to organizational & environmental changes.