HIPAA Compliance & Security

Compliance & Security Are Our Top Priorities

Our technology is HIPAA compliant and our employees follow HIPAA policies and procedures. We understand that sensitive medical information requires the highest levels of security.

Behind Mighty’s modern, user-friendly interface is a secure, sophisticated infrastructure built to protect patient information. We also ensure that all third-party vendors whom we work with are HIPAA compliant.

Architecture Overview

Mighty is designed with multiple layers of protection to ensure that your data can only be accessed by your intended recipients. Here are just a few of the most important technological features we use to keep your data secure:

Hosted on Amazon Web Services

AWS is the gold standard for cloud computing and is used by NASDAQ, Netflix, Pfizer, and SAP, among other Fortune 500 companies. The Virtual Private Cloud (VPC) is an isolated section of AWS reserved for your data so that it is always walled off from the rest of the web. We back up our entire database every 15 minutes and store replicas of our database in multiple locations so that we have geographic failover.

Data encryption in-transit and at-rest

All communications and documents on our platform are encrypted via industry-standard HTTPS and 256-bit Transport Layer Security (TLS). Your data is encrypted both when it is “at-rest” on AWS servers and when it is being transmitted between the servers and your machines. Communication on our platform is much more secure and controlled than email or Dropbox.

Identity Verification

Per HIPAA policies, we allow access to patient records only to email addresses associated with law firms whose identities we are able to verify. All access is password-protected. This minimizes the risk of identity theft and data breaches.