Security and Compliance

Built for healthcare.
Designed to earn trust.

Overview

OneRoom OS is built for healthcare environments where security, privacy, and compliance are foundational. The platform applies industry-standard controls across identity, encryption, network security, monitoring, and compliance to protect sensitive clinical and operational data.

Below is a high-level overview of our security posture. If you would like to review additional technical details, security documentation, or discuss deployment considerations, our team is happy to help.

Identity and access control

  • Standards-based authentication using OAuth 2.0 and Microsoft Entra ID

  • Multi-factor authentication enforced for all internal users and privileged access

  • Role-based access control aligned to clinical and operational responsibilities

  • Controlled user provisioning and deprovisioning workflows

  • Environment separation across development, staging, and production

Auditing and monitoring

  • Continuous security scanning and posture assessment

  • Centralized audit logging across platform services

  • Database-level logging for access and changes to sensitive data

  • Monitoring and alerting for anomalous or suspicious activity

  • Log retention aligned with operational and compliance requirements

Compliance approach

  • HIPAA-aligned policies and procedures for security, privacy, and workstation use

  • Documented incident response and escalation plan

  • Internal controls aligned with SOC 2 Trust Services Criteria

  • SOC 2 Type II program in progress

  • Ongoing development of compliance documentation and controls

Encryption and network security

  • TLS 1.2 or higher for all data in transit

  • AES-256 encryption for data at rest

  • Secure key management using cloud-managed encryption keys

  • Support for customer-managed key configurations where applicable

  • Protection of sensitive healthcare data, including PHI

Network security and infrastructure

  • Segmented network architecture to isolate services and reduce attack surface

  • Firewall rules and restricted ingress controls

  • Hardened cloud infrastructure configurations

  • Architecture designed to support SIEM integration and centralized security monitoring

Built for healthcare environments

  • Security embedded into platform architecture and workflows

  • Designed to support regulated healthcare delivery at scale

  • Aligned with modern healthcare IT and security practices