Last updated: February 2026
Enterprise-Grade Security
Shield Tracker is built from the ground up with healthcare security requirements in mind. Our platform protects your survey data with the same rigor you apply to clinical systems — because your USNWR submission data reflects the operational DNA of your hospital.
Infrastructure
Shield Tracker is hosted exclusively on Microsoft Azure, leveraging Azure’s SOC 1/2/3, ISO 27001, and HITRUST certified infrastructure. All data resides in U.S.-based data centers with geographic redundancy.
- Encryption at rest — AES-256 encryption for all stored data including survey responses, documents, and audit logs
- Encryption in transit — TLS 1.2+ for all connections with HSTS enforcement
- Network isolation — Virtual network segmentation with Azure Private Link for database access
- Automated backups — Point-in-time recovery with 30-day retention and geo-redundant storage
Access Controls
Every action in Shield Tracker is governed by role-based access control (RBAC) with four distinct permission levels:
- Data Contributor — Can enter and edit survey responses for assigned service lines only
- Service Line Lead — Can review, comment on, and approve submissions for their service lines
- Executive Viewer — Read-only access to dashboards, reports, and trending across all service lines
- Organization Admin — Full platform administration including user management, service line configuration, and survey year setup
Audit & Compliance
- Comprehensive audit trail — Every data change, login, approval, and export is logged with timestamp, user, and IP address
- HIPAA readiness — We maintain healthcare-grade controls and execute BAAs with all customers
- SOC 2 Type II — Controls mapped to Trust Services Criteria; formal audit in progress
- Session management — Configurable timeout, concurrent session limits, and forced logout capabilities