Opus Security and Compliance

Protecting Your Data is our Highest Priority with Security and Compliance

At Opus,we take the security and safety of our client's data very seriously. Opus is a secure and reliable technology platform, delivering the most advanced security and compliance capabilities our customers expect. Opus enforces team-wide and organization-wide multi-factor authentication, single sign-on, and encryption of data in transit and at rest.We have state of the art security system and specialists working nonstop on improving and adopting new technologies to protect your valuable information. To accomplish this, we implement several security layers. Some examples of this are:

Opusis built in the cloud in agile development and engineered and coded in modern programming languages that are much faster, more secure, and cloud friendly.

We use the most advanced hyper-network, enterprise-grade cloud-based data centers in the market, all protected by state of art Security Technologies with firewall protection both for Databases and applications with Threat Intelligence and 24-Hour Intrusion Monitoring to protect your valuable assets.

All our communications happen through a Transport Layer Security (TLS) to ensure safe client-server communications through encrypted protocols and every message uses a Token Authentication System with advanced Cryptographic Message Authentication to protect the user session and electronic transmissions.

We canalso configure access restrictions based on geographic locations, IP addresses and/or time of the day, all of it depending on the client specific needs.

We use a 2048-bit encryption for the communication over the TLS protocol, plus 256-bit encryption for user session tokens using JWT with HMAC-SHA256. HMAC (Hash-based Message Authentication Code) is a message authentication code that uses a cryptographic hash function. HMAC is more secure than any other authentication codes as it contains Hashing as well as MAC.

We also implement standard security measures like Username and Password, Multi-Factor Authentication, Session Timeout and Device detection.


As a customer of Opus, you own and control your data. Opus does not use your data for anything other than providing you with the service that you have subscribed to. As a service provider, we do not scan your email, documents, or teams for advertising or for purposes that are not service-related. All data is encrypted so Opus does nothave access to uploaded documents and content, socustomer and patient datastays within the tenant.

Compliance Standards

Opus meetsthe following industry standards, certifications and audits including PCI DSS Level 1, ISO 27001, FISMA Moderate, and SOC 1/SSAE 16/ISAE 3402.

HIPAA, which stands for Health Insurance Portability & Accountability Act, is very important for addiction, SUD, and mental health treatment centers to comply withthese standards. Essentially, HIPAA requires all health care providers to safeguard personal patient health information and statistics.

The HIPAA Privacy, Security, and Breach Notification Rules (the HIPAA Rules) establish important protections for individually identifiable health information (called protected health information or PHI when created, received, maintained, or transmitted by a HIPAA covered entity or business associate), including limitations on usesand disclosures of such information, safeguards against inappropriate uses and disclosures, and individuals’ rights with respect to their health information. Covered entities and business associates must comply with the applicable provisions of the HIPAARules.

Here is the catalogue of compliance certifications, including:

  • CIS Benchmark
  • CSA STAR Attestation
  • CSA STAR Certification
  • CSA STAR Self-Assessment
  • ISO 20000
  • ISO 22301
  • ISO 27001
  • ISO 27017
  • ISO 27701
  • ISO 27018
  • ISO 9001
  • SOC 1,2,3
  • WCAG 2.0
  • CJIS
  • DoD L 2,4,5
  • DoE 10
  • EAR
  • FDA CFR Title 21
  • FedRAMP
  • FIPS 140-2
  • IRS 1075
  • ITAR
  • NIST 800-171

Ready to find a better EHR and Telehealth platform?

Opus is a complete and total clinical solution better than just an EHR. If you have questions or want to learn more, we should schedule a time to talk. Contact us today to schedule a demo.

Schedule a Demo