Security & Compliance

At Happy Charting Ltd, the security and privacy of your patient data are our top priorities. We adhere to industry-leading standards and partner with trusted global providers to ensure your information remains safe, encrypted, and compliant at all times.

Infrastructure Security

We host all data using Amazon Web Services (AWS) - one of the most secure and reliable cloud service providers in the world. AWS continually manages risk through rigorous, recurring assessments to maintain compliance with international security standards.

AWS data centers are accredited under the following certifications:

  • ISO 27001

  • SOC 1 and SOC 2 / SSAE 16 / ISAE 3402 (formerly SAS 70 Type II)

  • PCI DSS Level 1

  • FISMA Moderate

  • Sarbanes–Oxley (SOX)

Each AWS facility undergoes regular third-party security audits and is designed to protect against unauthorized access — both virtual and physical — as well as natural and environmental threats such as fire, earthquakes, and power outages.

Data Security

Every Happy Charting application operates within its own isolated environment, ensuring no data interaction or cross-access between systems. This structure creates a stable, secure, and compartmentalized environment for your clinic’s data.

All sensitive information is stored in encrypted databases with strictly defined access controls - viewable only by authorized users and system administrators. Passwords are encrypted using industry-standard hashing algorithms.

We perform daily, full data backups of our database. Backups are securely stored within AWS’s infrastructure under the same advanced safeguards and encryption protocols that protect all production data.

Connection Security

All communication between your browser and our servers is protected with SSL (Secure Socket Layer) encryption. This ensures that data transmitted between you and the system remains private and unreadable to unauthorized parties.

Please note: While we maintain the highest level of server-side protection, the security of your local computer remains your responsibility. We recommend keeping your software up to date, using reputable antivirus programs, and ensuring that all staff members follow strong cybersecurity practices.

HIPAA compliance

We take HIPAA compliance extremely seriously - and we encourage both private and community acupuncturists to do the same.

While HIPAA does not provide an official certification process, we work continuously under the guidance of specialized consultants to meet and maintain all applicable HIPAA and HITECH standards.

Happy Charting partners with Compliancy Group (www.compliancy-group.com) — a leading HIPAA compliance consultancy - to regularly review, audit, and update our Effective Compliance Plan and internal safeguards.

This ongoing collaboration ensures that we consistently uphold the highest standards of security, confidentiality, and regulatory compliance.

Data Transfer

Our goal is to make your transition to Happy Charting as smooth and stress-free as possible.

Currently, we accept CSV file imports of patient demographic data exported from your previous EHR system or scheduling software. You can easily upload this file by navigating to:
Settings → Data Transfer → Upload CSV File

If you have specific import needs or unique data requirements, please contact our support team — we’re happy to assist and will do everything possible to accommodate your setup.

Our Commitment

At Happy Charting, safeguarding patient data is not just a legal obligation - it’s a core value. We continually invest in advanced technologies, trusted partnerships, and ongoing training to ensure that your clinic - and your patients - are protected at every level.