Security & Compliance
Last updated: June 6, 2026
Metrias builds discharge-operations software for hospitals. Patient privacy and data security are foundational to that work. This page summarizes our current posture so a hospital IT or security reviewer has what they need to begin an evaluation. We describe only what is true today and label work that is still in progress.
HIPAA
Metrias handles Protected Health Information (PHI) only under a signed Business Associate Agreement (BAA). BAAs are available for paid pilots and production engagements. This marketing website collects no PHI, and PHI never flows through it.
SOC 2
Our SOC 2 program is in progress. We are building and documenting the control set required for examination; we will share our report status with prospective partners under NDA. We do not represent ourselves as SOC 2 certified prior to completing an audit.
EHR integration model
Metrias integrates with major electronic health record systems — including Epic, Oracle Health (Cerner), and MEDITECH — using industry-standard HL7 v2 and FHIR interfaces. Integrations use least-privilege access scoped to the discharge workflow, and are bidirectional where the source system supports it, so clinical teams avoid double-documentation.
Data hosting & residency
Production data is hosted on established United States cloud infrastructure. Data processed on behalf of partners is stored and processed in the United States.
Encryption
- In transit: TLS for all connections.
- At rest: encryption for stored data.
PHI handling philosophy
- Minimum necessary. We request and process only the data required for the discharge workflow.
- Segregation. PHI is kept separate from marketing and analytics systems. No PHI is collected in lead forms or sent to analytics.
- Non-production data. Development and testing use synthetic or de-identified data, not real PHI.
- Auditability. Access to PHI is role-based and audit-logged.
Responsible disclosure
If you believe you have found a security issue, please email contact@metriasmedical.com. We appreciate coordinated disclosure and will work with you to validate reports and address those that are valid.
For reviewers
Need our security package, BAA, or to start a vendor review? Reach us at contact@metriasmedical.com and we will route you to the right person.