FormDr is built with security and compliance at its core. We use SSL/TLS encryption to protect data in transit and encrypt ePHI at rest to help safeguard sensitive patient information at every stage of the workflow. Our platform also maintains detailed access controls and audit logs to support accountability and traceability, and we conduct monthly security risk assessments aligned with NIST 800-53 to continuously evaluate and strengthen our security posture. For covered entities and eligible customers, we also provide a Business Associate Agreement (BAA), helping ensure FormDr can be used as part of a HIPAA-compliant environment. Additionally, FormDr is certified SOC 2 Type 2 audited.
