Compliance & Security

Every patient relationship is built on trust, which must be protected by an unwavering security foundation.

We built BridgeInteract so you can offer frictionless access without ever compromising on security. From check-in to payment, safeguarding your patients' sensitive health information is our highest priority. For us, compliance is never just a checklist — it's an ongoing commitment to ensuring your patients feel safe, respected, and completely secure at every digital touchpoint.

Soc 2

SOC 2

BridgeInteract holds SOC 2 certification, an independent audit that verifies how third-party SaaS and cloud providers manage and protect your data.

Developed by the American Institute of CPAs, SOC 2 evaluates vendors against five trust service principles: security, availability, processing integrity, confidentiality, and privacy. For any organization evaluating a SaaS vendor that will touch patient data, SOC 2 certification should be the minimum bar.


ONC Certification

ONC Certification

BridgeInteract v3 is certified by SLI, an Office of the National Coordinator-Authorized Certification Body (ONC-ACB), in accordance with certification criteria adopted by the Secretary of Health and Human Services (HHS).

The platform helps provider groups meet requirements for MIPS, MACRA, and Stage 3 Meaningful Use programs. BridgeInteract also complies with the USCDI data set and the CURES Act.


HIPAA

HIPAA

BridgeInteract is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which establishes privacy and security standards for protected health information across the healthcare industry.

Our business practices are audited annually by a third party, Compliancy Group. Our systems are audited on a more frequent basis throughout the year.


PCI Compliance

PCI Compliance

BridgeInteract applies PCI cybersecurity guidelines across development and infrastructure. As a standing practice, we do not host, transmit, or store credit card information. All credit card processing is handled through certified payment gateway partners.


PIPEDA

PIPEDA and Canadian Data Residency

BridgeInteract is fully compliant with the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial laws including Ontario's PHIPA.

All personal health information for our Canadian partners is hosted on secure servers located within Canada. Data sovereignty is guaranteed: sensitive information stays under Canadian legal jurisdiction and fulfills provincial data residency requirements at all times. Our platform supports all 10 Fair Information Principles, including accountability, clear consent protocols, and guaranteed patient data access within the 30-day legal window.


Encryption in Transit

Encryption in Transit

BridgeInteract applies strong TLS encryption across all data in transit. Our configurations are updated regularly in accordance with NIST recommendations on TLS versions and cipher-suite strength. This applies to every connection the platform makes, without exception.


Firewall and Network Security

Firewall and Network Security

BridgeInteract uses advanced firewalls configured to perform deep packet inspection (DPI) on all communications. The platform also uses web application firewalls (WAFs) with custom rulesets and additional Cloudflare services to protect against application-layer threats.


Hosting
Hosting

Hosting Infrastructure

BridgeInteract exclusively uses Amazon Web Services and Google Cloud Platform for application hosting. We use only the HIPAA-compliant cloud services offered by both providers.


Trademark Notice: All product names, logos, and brands are the property of their respective owners. All company, product, and service names used on this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.