Compliance

We’re designed for healthcare. We get it.

Olio is encrypted, protected, HITRUST and HIPAA compliant.

Control Details

Security whitepaper available upon request.

One or more annual third-party audits

HIPAA compliant

Annual third-party dynamic application security testing

Cyber Insurance

Monthly vulnerability scans

Formal Mobile Device Management program

Business Continuity and Disaster Recovery Plans tested annually

Security Incident Response Plan tested annually

Annual security awareness training and acknowledgement of security policies

OWASP Top 10 training for developers

Ongoing phishing testing

Endpoint protection on all devices: encryption, firewalls, etc.

Access management processes with role-based access

All data is encrypted at rest using AES-256

All data in transit is encrypted using TLS 1.2 at a minimum

Vendor management process and controls

Authentication controls: SSO, MFA

Change control processes and version control

Audit logging and monitoring by a 24/7/365 SOC

Questions or Issues?

If you believe you have found a security vulnerability in Olio or have any other security or privacy concerns, please email it@olio.health.
