As a data-driven company, our ability to ensure the security of highly sensitive healthcare information is paramount. From day one, Allēus has taken a relentless approach to designing and building a framework of highly secure networks and protocols so that the vital healthcare data healthcare organizations and health plans entrust to us is safe and secure from project start to finish.


Allēus achieved HITRUST CSF® Certification through an independent verification of our demonstrated ability to meet key regulations and requirements for managing risk while protecting individually identifiable health information (IIHI), personally identifiable information (PII), protected health information (PHI) and other sensitive information. We have fully implemented a comprehensive, scalable, and flexible framework of prescribed security controls in accordance with NIST and HITRUST CSF requirements and standards applicable to ISO, PCI, COBIT, FISMA, and NIST as well as HIPAA and HITECH regulations.


Based on the examination of an independent auditor Allēus received a SOC 2® Type 1 report pertaining to the security of our healthcare data analytics and revenue outreach services system controls based on standards established by AICPA. The report attests that Allēus service commitments and system requirements were achieved based on the trust services criterial relevant to security set forth in TSP section 100 of AICPA’s 2017 Trust Services for Security, Availability, Processing Integrity, Confidentiality, and Privacy.


Allēus operates in a 100% Amazon Web Services (AWS) cloud-based security environment that is ISO/IEC, FedRamp, NIST, and SOC 1, 2, and 3 compliant. We use a multi-firewall approach that pushes confidential data and PHI into a sub-level that isolates sensitive data from the main environment to segregate each client’s dataset.