Data and Security



Can mProve Health meet the regulatory requirements for my country?

mProve Health has provided our messaging service in many different countries. Our systems/processes meet or exceed 21CFR11, HIPAA, ICH, ISO/IEC 27000 expectations as applicable. We have also received a Privacy Shield Certification. We employ a comprehensive battery of technical and administrative safeguards, including:

  • Data Encryption (in transmission and at rest)
  • Audit Trails
  • Password strength guidelines
  • Auto lock-out after ten minutes of inactivity
  • Forced password reset for first time uses
  • One account per person and role-based user-access
  • Protections driven by Vulnerability Assessments and Penetration Testing

We’d be more than happy to discuss our experience in your country and review any country-specific regulatory requirements.

Where is the data stored?

The data is stored in a secure hosting facility in the United States. mProve Health has an appointed Data Security Officer and is Privacy Shield certified.

What subject data does this service store?

The reminder system only stores the study Subject ID and the subject’s mobile phone number. It will not store any other personal information. The information we do store, will not be released to anyone aside from authorized users.