Personal health information security for your peace of mind

We take careful measures to ensure that the information associated with you and your dependants is as safe and private as possible.

PHI and Your Rights

Protecting your phrHero account

The health information stored in your account is valuable. We use the industry’s best practices to ensure that information is secure from all external threats and available only to you.


An OAuth2 authentication service is built into our APIs.

phrHero uses the highest levels of encryption for all patient-user transactions.

Securely stored population health data will always be de-identified, complying with all HIPAA regulations.

Dual-Verification for all phrHero accounts

In addition to your phrHero username and password, you’ll enter a code from your associated email account, adding an extra layer of security.

Organized standards and security



  • Organization
    • phrHero team members must pass a criminal background check as part of the hiring process.
    • We use separate passwords and two-step verification with each device and service.
    • phrHero team members are required to encrypt their hard drives, use strong passwords, and enable screen locking.
  • Application
    • phrHero uses Anti-Forgery Tokens (along with other measures) built into the OAuth2 transaction requests to prevent CSRF attacks.
    • We rate limit a variety of actions on the phrHero website, such as login attempts.
    • We engage in PHI transactions only with whitelisted agents to prevent system vulnerabilities.
  • Authentication
    • Industry-standard OAuth2 security is built into every phrHero-to-patient-portal transaction.
    • We hash passwords stored in the database, and check for password strength on account creation and reset.
    • phrHero application credentials are SALT encrypted.
