Your Trust.
Our Commitment.

At Commure, we understand that trust is earned through transparency, reliability, and integrity.

Our platform powers healthcare innovation while maintaining the highest standards of security, privacy, and compliance. Commure connects care teams, patients, and technology securely — every interaction, every time, because patient data protection isn’t optional.

Security

We take a defense-in-depth approach to security at every layer of our infrastructure.

Data Protection

  • Encryption at Rest: AES-256 encryption for all stored data
  • Encryption in Transit: TLS 1.2+ with perfect forward secrecy
  • Key Management: Hardware security modules (HSMs) and automated key rotation

Access & Identity

  • Multi-Factor Authentication (MFA): Supported across all Commure products to enhance account security
  • Role-based Access Control (RBAC): Principle of least privilege across all systems
  • Single Sign-on (SSO): Enterprise identity provider integration (Okta, Azure AD, Google Workspace)
  • Session Management: Automatic timeout and device fingerprinting

Infrastructure Security

  • Intrusion Detection: 24/7 automated monitoring with real-time alerting
  • DDoS Protection: Multi-layer mitigation at edge and application layers
  • Data Residency: US-based infrastructure in HIPAA-compliant data centers

Security Operations

  • Vulnerability Management: Automated scans and frequent patch cycles
  • Penetration Testing: Annual third-party security assessments

Compliance

Commure adheres to industry-leading frameworks for healthcare data protection.

Audited by an independent third party (in progress / certified).

All products and workflows align with HIPAA and HITECH Act standards.

We support international privacy regulations for data subjects’ rights.

Privacy

We treat patient and customer data with the respect and protection it deserves.

Our Privacy Principles

  • No data selling: We never sell, rent, or share Protected Health Information (PHI) or customer data
  • Purpose limitation: Data is only processed to deliver, improve, and support our products
  • Data ownership: Customers retain full ownership and control of their data
  • Transparency: Clear documentation of data practices and processing activities

Data Rights

  • Access: Request copies of your data at any time
  • Portability: Export data in standard formats (FHIR, CSV, JSON)
  • Deletion: Request deletion of data subject to legal retention requirements
  • Correction: Update or correct inaccurate information

Data Processing

  • Minimal collection: We collect only data necessary for service delivery
  • Retention limits: Data retained according to documented schedules and customer contracts
  • Subprocessor oversight: All vendors undergo security and privacy reviews
  • Cross-border transfers: Standard Contractual Clauses (SCCs) for international data flows

Reliability & Uptime

Our commitment to reliability ensures healthcare operations run smoothly.

99.9%

Uptime Target

Real-Time Status

status.commure.com

Incident Transparency

All incidents and resolutions are publicly tracked via an Incident.io integration.

Disaster Recovery

Tested quarterly with full backup and recovery plans.

Subprocessors

Commure partners only with vetted subprocessors who meet our security and compliance standards. Each subprocessor undergoes annual security and privacy reviews.