Security and Compliance at medaptus  

The security and safety of our teams and our customers’ medical data is of the utmost importance at medaptus. As a company who specializes in the healthcare space, we know how vital it is that your information is kept secure and that’s why we’ve put procedures and safeguards in place to keep your information as protected as possible.  

Security compliance is also a top priority for our parent company, Volaris Group (TSE: CSU), which is why Volaris Group instills strict security protocols and audits every one of their business units.  

Medical data is securely stored in redundant tier IV data centers. We take pride in ensuring our customers’ medical data is 24/7/365 monitored and supported, and secure with the industry’s best and top U.S-based data centers. 

Below is more information on our security policies.  

Information Security Program  


Medaptus’ thorough approach to security and compliance is overseen by the Medaptus Security Officer whose primary responsibilities include managing the company’s data center operations, IT infrastructure, and HIPAA regulatory requirements and compliance. 

Medaptus maintains a full third-party audited systems security plan, that aligns with NIST, HIPAA, and HITRUST controls. 


We are annually audited for security compliance by two independent third-party companies.  

Incident Management  

Should an incident occur, we have a fully trained incident response team that is prepared to handle any event.  

Security Awareness Training 

Medaptus maintains a security and awareness training program for all team members.  All of our employees undergo HIPAA and security training continuously throughout the year. 

Data and Privacy Policy  

Your data is secure with the industry’s best and top geographically dispersed US-based data centers. All data and services are U.S based and never leave U.S territories. Data is always encrypted, at rest and in transmission.  

Since our solutions integrate with other solutions used by our customers (such as EHRs), we also ensure there is end-to-end encryption during the data exchanges. 

Compliance & Certifications 

HIPAA Compliance  

All of our solutions are HIPAA-compliant, and are independently audited by third-party companies to ensure we maintain compliance.   


We work with an industry-leading third party that annually audits our policies, procedures, and systems.

Application and Infrastructure Security 

We work with an industry-leading third party that audits us annually, our policies, procedures and systems.  

From a security standpoint, all releases are audited for vulnerability management and undergo penetration testing by an independent third-party company. 

Additionally, we contract with independent third-parties to do quarterly penetration tests, quarterly network scans, and daily asset vulnerability scans, and Application static and dynamic scans of each release. All SaaS sites are continually monitored for site responsiveness and transaction availability with automatic alerting of Technical Operations team when issues are detected.  

Internally, we’re also auditing for continual vulnerability management. 

We work with two of the largest industry leaders for 24/7 monitored network security and anti-virus. 

Staying Up-to-Date 

Staying up to date on the latest security protocols is of the utmost importance to us. Every year, we work with third-party partners to ensure we’re staying current and staying ahead of any new security protocols and regulations.   

Got any additional questions, comments or concerns? 

Reach out to us at and a member of our security team will be in touch with you shortly.  

Please note, this information is subject to change at any time. 

Get the latest updates and news delivered to your inbox.

Subscribe to our newsletter today.