How We Protect Patient Data
CloutBurst is designed to help healthcare practices collect reviews, referrals, and feedback without exposing sensitive patient information. We take data security seriously and follow HIPAA-aligned best practices to protect both practices and patients. This page explains how we approach security and compliance at a high level.

What Data CloutBurst Uses (and Doesn’t Use)
CloutBurst is not an electronic health record (EHR) system.We do not store medical histories, diagnoses, treatment notes, or insurance detailsWe do not access clinical charts or patient health recordsWe only process the minimum information required to send post-visit communications

Typical data may include:
• First name
• Contact information (email or phone)
• Visit timing or service category (when provided)

HIPAA-Aligned by Design
CloutBurst is built to support HIPAA-aligned workflows by minimizing risk and limiting exposure. Our approach includes:
• Data minimization (only what’s necessary)
• Role-based access controls
• Activity logging for sensitive actions
• Secure message delivery practices
• For practices that require it, Business Associate Agreements (BAAs) are available upon request.

Data Security Practices
We implement industry-standard safeguards to protect data at every stage.
• Encryption. Data encrypted in transit using TLS
• Data encrypted at rest using modern encryption standards
• Access Controls. Restricted system access
• Authentication and authorization requirements
• Internal access limited to essential personnel only
• Monitoring & Logging. System activity monitoring
• Audit logs for key actions. Ongoing review of access patterns
• Infrastructure & Reliability. CloutBurst operates on secure, reputable cloud infrastructure with: Redundant systems; Regular security updates; Ongoing monitoring for vulnerabilities.

We continuously review and improve our security posture as standards evolve.

Your Role as a Practice
CloutBurst provides the platform and safeguards. Practices remain responsible for:
• Obtaining appropriate patient consent
• Ensuring accuracy of patient contact informationUsing the platform in accordance with applicable regulations
• We provide guidance and best practices during onboarding to support compliant use.

Transparency & Trust
• We believe security should be clear, not confusing.
• If you have specific compliance requirements, work with a DSO, or need documentation for internal review, our team is happy to help.

Questions?
If you have questions about security, HIPAA alignment, or BAAs, please contact us through the site or request a short walkthrough.