




Enterprise Grade Compliance and Security
Collectly adheres to healthcare industry compliance standards. Beyond standard adherence & certifications, we deploy top-of-the-line technologies to keep your data safe.

We maintain HITRUST i1 Validated status with annual third-party assessment covering encryption, SSO/MFA and role-based access, continuous monitoring and logging, vulnerability management, vendor security, secure SDLC, and incident response.

We maintain controls aligned to SOC 2’s Security, Availability, and Confidentiality criteria—encryption at rest/in transit, SSO/MFA and least-privilege access, continuous monitoring, vendor risk management, and a documented incident response program.

Card data is protected end-to-end: TLS in transit, encryption/tokenization via our PCI DSS Level 1–certified processor, strict key and access controls, and regular security testing and vendor reviews.

We support HIPAA compliance for our customers as a Business Associate. We sign BAAs and protect PHI with encryption, role-based access, audit logs, trained staff, secure data handling, and documented incident response procedures.
Collectly’s Security Program

Collectly encrypts data at rest and in transit for all of our customers. We use tools like Amazon Web Services' Key Management Service (KMS) to manage encryption keys using hardware security modules for maximum security in line with industry best practices.



Collectly regularly engages some of the industry’s best application security experts for third-party penetration tests. Our penetration testers evaluate the source code, running application, and the deployed environment.
Collectly also uses high-quality static analysis tooling provided by GitLab to secure our product at every step of the development process.

Collectly uses Amazon Web Services to host our application. We make full use of the security products embedded within the AWS ecosystem, including KMS, GuardDuty, and Inspector.
In addition, we deploy our application using Kubernetes, meaning we typically do not manage servers or EC2 instances in production.
Industry Leading Accountability & Oversight
Collectly's AI and automations meet the highest standards of healthcare security, compliance, and operational oversight, giving organizations the control and accountability they need.
Every interaction is tracked, time-stamped, and reportable, giving your team complete oversight into how patient inquiries are handled.
Secure identity verification ensures sensitive billing information is only shared with the right person.
Want to know what your virtual support agents are doing? Collectly provides transparent activity logs so you can monitor performance just like a live team.
Our clients use
The majority of our clients use modern electronic health records / practice management software systems (EHR/PMs). We love working with organizations who use the following:
20+ EHR/PMs
Whether you have web/cloud-based or on-premises software, we'll make it work.

















