We take data security to heart.
AliveCor is committed to protecting our customers by achieving a high standard of data security and compliance. As our organization scales, we continue to evolve and adapt our data governance and protection strategies, and strive to provide secure technology services to our customers.
AliveCor is certified or third-party attested under the following security assurance programs:
ISO 42001

ISO 42001 is an international standard that provides a framework for organizations to establish, implement, maintain, and continually improve an Artificial Intelligence Management System (AIMS). This standard helps companies manage AI responsibly by promoting ethical practices, ensuring compliance, mitigating risks, and fostering innovation within their AI systems and products. It provides a comprehensive structure, similar to other ISO management system standards, to govern the development and use of AI technologies. AliveCor has received ISO 42001 certification for the Artificial Intelligence Management System (AIMS) supporting the Kardia AI V2 and Corvair algorithms that support our AI-driven products, Kardia 12L and KardiaMobile 6L. The details of our AIMS certification are publicly available at https://www.schellman.com/certificate-directory
ISO 27001

ISO 27001 is a globally recognized standard for the establishment and certification of an information security management system (ISMS). The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented ISMS within the context of the organization’s overall business risks. It sets forth a risk-based approach that focuses on adequate and proportionate security controls that protect information assets and give confidence to interested parties. The details of our ISMS certification are publicly available at https://www.schellman.com/certificate-directory
HITRUST e1 Certification

AliveCor has attained a HITRUST Essentials 1-year (e1) Certification for Kardia, Kardia Pro, and KardiaComplete platforms, validating our commitment to foundational cybersecurity controls and information risk management. HITRUST e1 Certification demonstrates that these platforms focus on the most critical controls and that essential cybersecurity hygiene is in place. The e1 assessment is one of three progressive HITRUST assessments that leverage the HITRUST CSF framework to prescribe cyber threat adaptive controls that are appropriate for each assurance type.
SOC 2 Type 2

Completing the SOC 2 Type 2 examinations with zero exceptions listed implies that AliveCor’s Kardia and KardiaPro platforms meet or exceed the stringent security standards set by the American Institute of Certified Public Accountants (AICPA). The examinations report on AliveCor’s system and the suitability of the design and operating effectiveness of security controls.
HIPAA compliant

Being HIPAA compliant implies that AliveCor's Kardia and KardiaPro platforms are compliant with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the Breach Notification Rule. These rules are a list of established performance criteria across the areas of security, privacy, and breach laid down by the Office for Civil Rights (OCR).