Your Trust.
Our Commitment.

At Commure, we understand that trust is earned through transparency, reliability, and integrity.

Our platform powers healthcare innovation while maintaining the highest standards of security, privacy, and compliance. Commure connects care teams, patients, and technology securely — every interaction, every time, because patient data protection isn’t optional.

Security

We take a defense-in-depth approach to security at every layer of our infrastructure.

Data Protection

  • Encryption at Rest: AES-256 encryption for all stored data
  • Encryption in Transit: TLS 1.2+ with perfect forward secrecy
  • Key Management: Automated key rotation to ensure effective encryption

Access & Identity

  • Multi-Factor Authentication (MFA): Supported across all Commure products to enhance account security
  • Role-based Access Control (RBAC): Principle of least privilege across all systems
  • Single Sign-on (SSO): Enterprise identity provider integration
  • Session Management: Automatic timeout and device fingerprinting

Infrastructure Security

  • Intrusion Detection: 24/7 automated monitoring with real-time alerting
  • DDoS Protection: Multi-layer mitigation at edge and application layers
  • Data Residency: US-based infrastructure in SOC2 Type 2-compliant data centers

Security Operations

  • Vulnerability Management: Automated scans and frequent patch cycles
  • Penetration Testing: Annual third-party security assessments

Compliance

Commure adheres to industry-leading frameworks for healthcare data protection.

Security

Audited by an independent third party (in progress / certified).

Regulatory

All products and workflows align with HIPAA and HITECH Act standards.

Privacy

We support international privacy regulations for data subjects’ rights.

Request Compliance Documents

Privacy

We treat patient and customer data with the respect and protection it deserves.

Our Privacy Principles

  • No data selling: We never sell, rent, or share Protected Health Information (PHI) or customer data
  • Purpose limitation: Data is only processed to deliver, improve, and support our products
  • Data ownership: Customers retain full ownership and control of their data
  • Transparency: Clear documentation of data practices and processing activities

Data Rights

  • Access: Request copies of your data at any time
  • Purpose limitation: Data is only processed to deliver, improve, and support Portability: Export data in standard formats (FHIR, CSV, JSON)
  • Deletion: Request deletion of data subject to legal retention requirements
  • Correction: Update or correct inaccurate information

Data Processing

  • Minimal collection: We collect only data necessary for service delivery
  • Retention limits: Data retained according to documented schedules and customer contracts
  • Subprocessor oversight: All vendors undergo security and privacy reviews
  • Cross-border transfers: Standard Contractual Clauses (SCCs) for international data flows

Reliability & Uptime

Our commitment to reliability ensures healthcare operations run smoothly.

View Real Time Status

Subprocessors

Commure partners only with vetted subprocessors who meet our security and compliance standards.Each subprocessor undergoes annual security and privacy reviews.

Request A List of Subprocessors

Contact Us

Have questions about our security or compliance program? Our Security and Privacy teams are here to help.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.