Copergrine

Trust & Security

Healthcare data deserves a system of record that can prove itself.

Copergrine runs the EMR, telehealth, home-health, and courier platforms behind real clinical care. This page describes the SOC 2-aligned controls that protect that work — and the formal Type I and Type II attestation program now underway.

Tenant isolation

Every practice's records are separated with database-enforced row-level isolation across 38+ PHI-bearing tables — your organization's data is invisible to every other tenant, enforced below the application layer.

Encryption & identity

PHI encrypted at rest, TLS in transit, master-patient-index hashing, passwordless passkeys with MFA on the patient portal, and hard session revocation on every sign-out.

Immutable audit trails

Security-relevant events — sign-ins, PHI access, exports, administrative changes — are written to SOC 2-aligned audit logs with delete-guards protecting the evidence itself.

Continuous evidence collection

Access reviews, restore tests, and dependency scans run on schedule and emit tamper-evident artifacts into a unified evidence repository — so controls are demonstrated continuously, not reconstructed at audit time.

Reliability backbone

Version-controlled scheduled jobs with freshness watchdogs, backup health pulses, and deploy guards — the operational controls that keep clinical systems dependable.

AI governance

Copergrine drafts; your licensed clinician reviews and signs. Every AI suggestion is provenance-logged, nothing auto-signs, and tenant administrators can disable AI features per module.

Where we are on SOC 2

Copergrine operates a formal SOC 2 program: control narratives are authored against the shipped codebase, evidence collection runs continuously, and an attestation console tracks every control family across the Trust Services Criteria. We are progressing through Type I (design of controls) toward Type II (operating effectiveness over time), and this page will carry the report status as the program advances.

Need a security review, a BAA, or our control narratives for procurement? Talk to us.