Qurvia Security Overview

At Qurvia, we believe protecting sensitive health information isn’t just about compliance—it’s about trust. Our platform was built with security woven into every layer, from how users log in to how data is stored, encrypted, and monitored. We use Microsoft Azure’s secure cloud infrastructure, and we meet or exceed HIPAA and healthcare industry standards.

This page explains the steps we take to keep your data safe, available, and private.


User Access and Management

We carefully manage who has access to data and how that access works:

  • Role-based access: Permissions are tied to job roles and functions.

  • Strong authentication: Every user has unique login credentials, and Qurvia staff use two-factor authentication.

  • Quick response: If someone leaves the company or misuses access, permissions are revoked immediately.

  • Annual reviews: We regularly double-check that everyone has the right level of access.

  • Workstation security: All Qurvia-issued computers use encrypted drives and strict access controls.


Data Encryption and Storage

Your data is always encrypted—whether stored or moving:

  • Data at rest: Everything stored in Azure is encrypted according to our encryption policy.

  • Data in transit: All data transfers use TLS 1.2–1.3 encryption.

  • U.S.-based storage: All data lives in secure Azure data centers located in Arizona and Virginia.

  • Industry standards: Qurvia uses FIPS 140-2–certified cryptographic modules for encryption.


Security Certifications and Compliance

We follow best-in-class standards to make sure Qurvia is always secure:

  • Certifications: SOC 2 Type I and II, HIPAA/HITECH compliant.

  • Best practices: Our engineers code with OWASP secure coding standards in mind.

  • Monitoring & vulnerability management: Azure Security Center and Drata help us scan and monitor continuously.

  • Patch management: Security updates are rolled out promptly, following a structured approval process.


Secure Development Lifecycle (SDLC)

Security isn’t an afterthought—it’s part of our development process:

  • Secure coding: Our team is trained to prevent vulnerabilities from the start.

  • Regular testing: We run both static and dynamic security tests throughout development.

  • Automated scans: Code and infrastructure are continuously scanned for issues.

  • DevSecOps: Security checks are built right into our DevOps pipeline.


Firewall and Network Security

We use multiple layers of defense to protect our systems:

  • Firewall protection: All connections pass through firewalls, with rules updated every quarter.

  • Traffic management: Azure Network Security Groups and Kubernetes Network Policies control traffic.

  • Network segmentation: Databases and front-end systems are separated to reduce risk.


Incident Response and Monitoring

If something goes wrong, we’re ready:

  • Incident response plan: Detailed steps for detection, response, and notification if a security issue arises.

  • 24/7 monitoring: Azure Monitor tracks events, logs, and traffic around the clock.

  • Independent audits: Regular internal and third-party assessments keep us accountable.


Backup and Disaster Recovery

We prepare for the unexpected so your data stays safe and available:

  • Replication: Data is continuously replicated across multiple availability zones.

  • Disaster recovery testing: We test our recovery plan every year with both technical and tabletop exercises.

  • Secure backups: Backups are encrypted and always kept within the U.S.


Employee Training and Awareness

Security is everyone’s job at Qurvia:

  • Annual training: Every employee completes yearly security awareness training.

  • Role-specific training: Specialized training for team members involved in incident response and recovery.

  • Policy acknowledgment: Every team member confirms their understanding of Qurvia’s security policies and best practices.


🔒 Our Commitment
At Qurvia, we take every step to protect your data—from encryption and monitoring to training and compliance. We’re committed to safeguarding your information so you can focus on what matters most: delivering excellent care.