Security & Governance

CrossCures is built with enterprise-grade security and governance controls to protect patient data and ensure regulatory compliance.

Security architecture

Core Security Features

Access Controls

Role-based permissions ensure users access only the data necessary for their clinical responsibilities. Multi-factor authentication and session management enforce strict identity verification.

Role-Based Permissions

Granular permission models align with organizational hierarchies. Clinicians, administrators, and support staff receive tailored access levels based on their roles and responsibilities.

Audit Logging

Comprehensive audit trails track every data access, modification, and export. Immutable logs support compliance investigations and security incident response.

Least-Privilege Architecture

Systems operate with minimal necessary permissions. Data minimization principles ensure only required patient information is processed and stored.

Data Governance Principles

Data Minimization

CrossCures processes only the minimum patient data required for clinical decision support. Unnecessary identifiers and sensitive fields are excluded from ingestion pipelines.

Encryption at Rest and in Transit

All patient data at rest is encrypted with industry-standard AES-256. TLS 1.3 secures data in transit between systems and endpoints.

Retention and Deletion Policies

Configurable data retention policies align with institutional requirements and regulatory mandates. Automated deletion workflows ensure expired data is securely removed.

Vendor Risk Management

Third-party integrations are subject to security assessments and contractual safeguards. Subprocessor agreements ensure downstream vendors meet the same security standards.

Integration & Interoperability

FHIR Pilots & EHR-Native Workflows

CrossCures supports FHIR-based pilots for rapid integration with modern EHR systems. We are actively progressing toward Epic- and Cerner-native workflows to enable seamless deployment within existing clinical environments.

Current Capabilities

  • FHIR R4 API integration
  • SMART on FHIR authentication
  • HL7 v2 message parsing
  • RESTful API for custom integrations

In Development

  • Epic App Orchard integration
  • Cerner Code Console deployment
  • Single sign-on (SSO) via SAML/OAuth
  • Bi-directional data sync

Compliance & Certifications

CrossCures is designed to support HIPAA compliance and aligns with industry best practices for healthcare data security. We work closely with institutional compliance teams to ensure regulatory requirements are met.

  • HIPAA Compliance
  • SOC 2 Type II (in progress)
  • HITRUST Alignment

Questions About Security?

Our team is available to discuss security architecture, compliance requirements, and integration details.