Your data is secured with Eleos Health

The security of your data is our top priority. We are committed to providing a highly secure, HIPAA compliant environment that you can trust.

We take compliance seriously

Eleos Health’s security model and controls are based on international protocols and standards, and adhere to industry best practices. To support our customers’ security and compliance needs, Eleos Health has invested significantly in compliance accreditations and has contracted with an independent third-party agency that conducts annual penetration testing and automatically monitors our product for security vulnerabilities via external tools and auditors.

Eleos Health has successfully passed the rigorous external audit of SOC 2 Type II + HITRUST, leveraging the collaboration between AICPA and HITRUST, resulting in the highest level of security in the healthcare industry.

Eleos Health’s security team would be happy to answer any questions at:
[email protected]

Security, privacy, and compliance

Eleos Health is a unique, AI-assisted platform for therapists. There is nothing more personal than therapy, which is why we are extremely careful to protect personal health information (PHI). Eleos Health is HIPAA compliant, and upholds the highest standards of privacy and data protection. On this page, you can find our Privacy Policy and Business Associates Agreement (BAA).

We take consumers’ data seriously

We understand that trust is critical when it comes to consumer/clinician relationships, so we do not take any shortcuts to protect your consumers’ information. Our entire platform is HIPAA compliant and held to the highest privacy standards, including the encryption of data on record, in transit, and at rest. We don’t stop with HIPAA and take additional steps to ensure the safety of your data, among which are:

Continuous monitoring of our system

Internal and external audits

Highly complex passwords, strict policies and 2FA

A thorough architecture and organizational governance

Our technology team, led by our Chief Technology Officer, are alumni of the IDF’s Center of Encryption and Cyber Security, one of the most prestigious centers for information security in the world.

How do we handle PHI?

Once a clinician starts using our system, the PHI goes through the following process:

Captured -> Encrypted -> Analyzed -> Populated back into the clinician’s dashboard for a predefined number of days -> After that period, the information can be de-identified/deleted upon request, depending on state and federal laws.

What is the initial storage period and what happens after?

We may retain de-identified data (audio only) in order to ensure and improve the accuracy of our system. In the event that we use your de-identified information to improve our system’s performance, the handling of that information will be carried out only by the members of our clinical review team who are data protection professionals. All other Eleos Health employees have no access to this data.

Do you sell the de-identified data?

We do not sell or license information, or any other form of data, to anyone.

What about informed consent from my consumers?

You are responsible for obtaining consent from your clients to record sessions. The rules and laws governing the recording of patient sessions can differ by jurisdiction and the provider’s credentials. It is your responsibility to know which laws apply to you, your practice, and the records you maintain. Lastly, it is important for you to know that several academic studies have shown that the vast majority of clients see the value in recording their sessions, and for the most part, you should not encounter resistance in asking for their consent.