Security & Peace of Mind

Hipaa compliance US, Encrypted, Security Cert. Backup. Servers.


Our network is protected by an enterprise-class firewall and all YellowSchedule plans include SSL encryption to keep your data safe.

Our product software and infrastructure is updated regularly with the latest security patches and our state-of-the-art computer servers are protected by biometric locks and 24-hour surveillance.

Security and peace of mind with YellowSchedule

Photo of a physiotherapist with a patient

Enabling HIPAA Compliance

All US based health care organizations need to be HIPAA compliant. It’s up to each organisation to ensure compliance, there is no such thing as ‘HIPAA Compliant Software’. However software should enable your organisation to fulfil all its obligations in regard to the electronic storage of patient information. YellowSchedule enables our customers to

  • Track who did what
  • Define user roles
  • Ensure data security
  • Ensure maximum ‘up time’ of the system and availability of a backup


Our customers trust us with their most sensitive data. Our system has specifically been developed to ensure that access to your data is secure, fast, always available and that hardware systems are fault tolerant.


Your data is safe. We take nothing to chance and have numerous processes in place to protect against any potential dataloss:

  • Secure database replication system ensures lossless replication across multiple availability zones.
  • Secure system of data backups.
  • Advanced monitoring systems pre-alert staff where any exceptions occur (memory spikes, high CPU usage etc).
  • All critical devices reside on dual power supply systems.
  • Geographically distributed backups to secure facilities on the opposite side of the continent.
  • Backup and restoration processes are regularly tested.
  • Optimized databases and load balanced servers ensure you’ll never be waiting for your data.
  • Audit history allows users to track changes to client data.

Data Security

Specific security controls ensure that only you have access to your data.

  • SSL SHA256 secures data in transit.
  • PHI/PII data encrypted at rest (Rijndael AES256 encryption).
  • Backups and data replication secured to non-public servers.
  • Controlled access to data.
  • Firewall and cloud security groups control access to system hardware
  • Multifactor authentication function is an provided which involves text message verification at regular intervals or on any login attempts on unrecognised devices.
  • AWS Cloudwatch used for log/event management and alerting purposes.
  • Internal staff controls for key management and password control

Physical Security controls

All data is hosted in secure datacenters with the world leaders in managed hosting. Physical security controls used in the datacenter include:

  • Keycard protocols.
  • Biometric scanning protocols.
  • Around-the- clock interior and exterior surveillance.
  • Access limited to authorized data center personnel, prior clearance and escort required.
  • Thorough background security checks on Data center employees.
  • Best Environmental controls including:
    • N+1 redundant HVAC (Heating Ventilation Air Conditioning) system
    • Advanced fire suppression systems.
    • Every 90 seconds, all air is circulated and filtered to remove dust and contaminants.