Security
Last updated: July 4, 2026
In short: chart2chart runs on Amazon Web Services (AWS) under a Business Associate Agreement, keeps data encrypted both in transit and at rest, and is built with HIPAA requirements in mind.
This page describes, at a high level, how CHART TO CHART, LLC (“chart2chart,” “we,” “us,” or “our”) approaches the security of the chart2chart platform — the system introduced on this website. It is provided for general information for prospective clinic partners and is not a warranty or a complete description of every control.
1. Cloud infrastructure
The chart2chart backend is hosted on Amazon Web Services (AWS), a leading cloud provider with mature physical, network, and operational security controls. We have entered into a Business Associate Agreement (BAA) with AWS, which governs the safeguarding of protected health information handled through the AWS services we use.
2. Encryption in transit
All data exchanged between users and the chart2chart platform is transmitted over encrypted connections using industry-standard Transport Layer Security (TLS). This helps protect information from interception while it travels across networks.
3. Encryption at rest
Data managed by the platform is stored in encrypted form. Encrypting data at rest helps protect it in the event of unauthorized access to the underlying storage.
4. Access controls
Access to production systems and the data they hold is restricted to authorized personnel on a least-privilege basis — team members are granted only the access their role requires, and access rights are reviewed as roles change. Administrative access to our infrastructure is protected with strong authentication.
5. Backups & availability
Platform data is backed up on a regular schedule, and backups are stored in encrypted form. Backups allow us to restore service and data in the event of an operational failure, and we periodically review our recovery procedures.
6. Monitoring & logging
We maintain logs of access to the platform and its data and monitor our infrastructure for signs of unusual or unauthorized activity. Logging supports both operational troubleshooting and the investigation of potential security events.
7. Vulnerability management
We keep the platform’s software components up to date and apply security updates as they become available. We review our code and dependencies for known vulnerabilities as part of our development process and remediate issues based on their severity.
8. HIPAA-informed approach
chart2chart is designed and developed with the requirements of the U.S. Health Insurance Portability and Accountability Act (HIPAA) in mind. We work to align our practices with applicable HIPAA safeguards and to support our clinic partners in meeting their own obligations. Responsibility for HIPAA compliance is shared among the clinic (as covered entity), chart2chart, and our infrastructure providers under the applicable agreements.
9. Ongoing protection & limitations
Security is an ongoing effort, and we continue to review and improve our safeguards over time. That said, no method of transmission or storage is completely secure. While we use strong, industry-standard measures to protect data, we cannot guarantee absolute security.
10. Reporting a concern
If you believe you have found a security vulnerability, please report it to security@chart2chart.com (also listed in our security.txt). We appreciate responsible disclosure and will acknowledge and investigate every report. For general questions about the security of the platform, you can also reach us at support@chart2chart.com.