Security and trust healthcare technology for businesses

Keeping your data safe is our top priority

At Accolade, protecting our members' data is a cornerstone of our security and privacy initiative. This commitment permeates every stage of our process, from our product design and stringent operational security measures to the multiple layers of protection we offer and critical certifications and attestations we maintain.

Data protection

From secure cloud infrastructure and endpoint protection to regulatory compliance and privacy-first design, Accolade takes a comprehensive approach to safeguarding sensitive information.

  • Cloud datacenter security

    Accolade entrusts its data infrastructure to Amazon Web Services (AWS), our primary Infrastructure as a Service (IaaS) provider. Their comprehensive security and privacy certification practice safeguards our member data. In addition, we go beyond industry standards, ensuring a secure environment where confidentiality and integrity are top priorities for information storage.
  • HITRUST

    Achieving HITRUST certification showcases Accolade’s commitment to maintaining the highest standards of security and compliance when handling sensitive data within the healthcare industry. 
  • Computer security

    Accolade protects computer systems, networks, and data from unauthorized access, attacks, and other malicious activities. These efforts involve implementing various security measures to safeguard information technology assets. 
  • Data security

    Accolade actively implements controls to safeguard sensitive data, including strong encryption in transit and at rest, least privileged access, minimum necessary usage policies, sophisticated monitoring and alerting of key platform systems, and extensive security awareness.
  • Data protection and privacy

    Accolade is committed to conducting business with integrity, complying with data security and privacy regulations, and protecting personal information according to our Data Protection Policy. Accolade is compliant with federal and state data privacy laws, including HIPAA, CCPA, CPA, and GDPR. 
  • Endpoint security

    Accolade uses enterprise-grade device management and endpoint protection software to oversee all computers within our corporate network. This ensures streamlined control and comprehensive security measures across all devices.
  • Business continuity and disaster recovery

    Accolade has a contingency plan to maintain business continuity with minimal impact to operations, and to enable recovery of Sensitive Information under its care in the event of a disaster. 
  • Security software development lifecycle standard

    Accolade's Software Development Lifecycle (SDLC) standard includes security practices in the planning, development, and release processes. Additionally, our security team reviews any significant and sensitive changes. 
  • Privacy by design

    Accolade is committed to privacy compliance. This includes maintaining a working environment that fosters honest and integral conduct around the use and disclosure of Protected Health Information and Personal Information. Accolade has assigned qualified individuals to develop, implement, monitor, and maintain our security and privacy program. 
  • Vulnerability prevention

    Accolade uses security tools that help developers identify and address vulnerabilities early in development. This reduces the likelihood of security incidents and improves our overall security posture.
  • Penetration testing

    Accolade regularly participates in external Penetration Tests. Third-party security experts conduct these tests to evaluate the security of Accolade's systems and applications. The frequency of these tests varies from quarterly to yearly, depending on each system's specific security requirements. 
  • Single sign-on (SSO)

    Accolade strongly supports and promotes the use of Single Sign-On (SSO) for our organization and the services we offer. 

Compliance

Accolade adheres to rigorous industry regulations like HIPAA and SOC 2 Type II to ensure the confidentiality, integrity, and security of protected health information.

HIPAA

Accolade complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other privacy standards in respect of its creation, receipt, transmission, and maintenance of protected health information and other personally identifiable information. 

SOC 2 Type II

The SOC 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). This report evaluates an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy. Accolade maintains an annual SOC 2 Type II certification.