Security
Review the safeguards and service boundaries that protect LabPreCheck for practices and labs.
Security Overview
Security is part of how LabPreCheck is designed and operated for both practice and lab customers.
LabPreCheck is operated as a security-conscious workflow platform for practices and labs. Security is built into the service architecture, customer access model, infrastructure choices, and operational controls rather than being treated as a separate add-on.
This page summarizes the current security posture for customer review. It does not promise a certification, audit report, or third-party attestation unless LabPreCheck expressly publishes one.
Access Controls
Access to customer data is controlled by identity, workspace, role, and server-side enforcement.
LabPreCheck restricts access according to authenticated identity, organization membership, selected workspace, and role. Practices and labs operate in separate workspaces, and higher-risk functions are limited to authorized administrators or otherwise privileged service flows.
Authenticated access for workforce users only.
Organization and workspace boundaries between practices and labs.
Role-based permissions and admin-only controls for higher-risk actions.
Server-side enforcement for sensitive workflows instead of browser-only trust.
Data And Infrastructure Protection
Customer data is protected through layered infrastructure, operational, and monitoring controls.
LabPreCheck uses administrative, technical, and physical safeguards designed to protect customer data, including sensitive workflow data and PHI where applicable. The platform also uses monitoring, logging, and operational controls to support system integrity and incident response.
Secure infrastructure and service-provider controls.
Encryption and protected transport for service traffic and stored data where applicable.
Logging, monitoring, backup, and incident-management controls appropriate to the service.
Public Routes And Communications
Public routes and routine communications are intentionally limited to protect sensitive workflow data.
LabPreCheck keeps public routes and routine communications intentionally limited. This reduces the risk of oversharing sensitive case details in places that are not meant to hold the real workflow record.
That rule matters to both practices and labs, because secure operations depend on keeping the case itself inside the product.
Public pages, public forms, and routine notifications are kept free of patient and case detail.
Public routes are limited to marketing, support, and narrow utility purposes.
Sensitive workflow activity stays inside the authenticated service instead of moving into side channels.
Service Provider Management
LabPreCheck manages service providers within defined security and contractual boundaries.
Like other software platforms, LabPreCheck depends on selected service providers for infrastructure, communications, payments, analytics, mapping, AI, and related service operations. Those providers are used within controlled service boundaries rather than as open-ended replicas of the product.
Where providers support regulated or sensitive workflows, LabPreCheck manages those relationships through contracts, access restrictions, and product-level safeguards appropriate to the nature of the data and service function.
Third-party providers are used only for defined service purposes.
Sensitive providers are managed under written terms and internal controls appropriate to their role.
No vendor is treated as a substitute for LabPreCheck’s own security and operational responsibilities.
Customer Security Responsibilities
Customers should review the full legal package and manage their own internal access and policy controls.
Each practice and lab remains responsible for its own workforce access, internal policies, lawful use of the service, and the security of the devices and networks its users rely on. Customer organizations should also review the Terms, Privacy, HIPAA, and the Business Associate Addendum as part of their legal and security review.
Security or procurement questions should be sent through Contact.