Trust & Security at eloraHQ

Elora is AI-powered software to empower Care Coordinators, Community Health Workers, and Case Managers in connecting people to at-home and community care. The platform revolutionizes how these professionals support and manage continuous care, enabling them to serve more people, more effectively, while focusing on meaningful human connections.

Our Commitment

At eloraHQ, we understand that we're handling some of the most sensitive information in healthcare: the personal stories and needs of individuals seeking care. Our commitment to security and privacy isn't just about compliance—it's about protecting the trust that social workers, healthcare organizations, and their clients place in us.

We believe in:

  • Data minimization: We collect only what's necessary

  • Purpose limitation: Data used only for stated purposes

  • User control: Clear policies on data access and rights

  • Transparency: Clear communication about data usage

  • Privacy by design: Built into every feature

HIPAA-Compliant, Ethical AI, Secure Data Solution.

Privacy and Security Controls

    • HIPAA compliance

    • SOC 2 Type II (in progress)

    • HITRUST CSF (planned)

    • Regular third-party security audits

    • Adherence to federal and state guidelines

    • Protected Health Information (PHI) safeguards

    • Audit trails and secure access controls

    • Regular compliance audits and certifications (planned)

    • End-to-end encryption for all sensitive data

    • Security assessments and penetration testing

    • Secure data centers

    • Strict access controls and authentication protocols

    • Data retention and classification procedures

    • Ethical AI development practices

    • Regular model monitoring and validation

    • Bias detection and mitigation (in progress)

    • Human oversight of AI systems

    • Unique production database authentication enforced

    • Unique account authentication enforced

    • Production application access restricted

    • Access control procedures established

    • Production database access restricted

    • Firewall access restricted

    • Production OS access restricted

    • Production network access restricted

    • Unique network system authentication enforced

    • Remote access MFA enforced

    • Remote access encrypted enforced

    • Network firewalls utilized

    • Network and system hardening standards maintained

    • Asset disposal procedures utilized

    • Production inventory maintained

    • Anti-malware technology utilized (planned)

    • Employee background checks performed

    • Code of Conduct acknowledged by employees and enforced

    • Password policy enforced

    • MDM system utilized

    • Visitor procedures enforced

    • Security awareness training implemented

    • Data encryption utilized

    • Control self-assessments conducted

    • Data transmission encrypted

    • Vulnerability and system monitoring procedures established

    • Continuity and Disaster Recovery plans

    • Development lifecycle established

    • Backup processes planned

    • Management roles and responsibilities defined

    • Security policies established and reviewed

    • Access requests required

    • Incident response policies established

    • Incident management procedures followed

    • Physical access processes established

    • Data center access reviewed

    • Risk assessment objectives specified

    • Risks assessments performed

    • Risk management program established

    • Vendor management program established

Your Trust, Our Priority

We welcome questions about our security practices and are committed to maintaining open dialogue about your data protection needs.