Despite this, we encrypt all data on the phone. For Windows 10 devices, we will also take advantage of the 'Hello Windows' security features, which can use iris and facial recognition. Your data is safe and always protected provided you secure it. Always set a password and use a lock screen to protect your device, and optionally use BitLocker. It's free and comes with the phone.
Every single packet of data we send is encrypted with 256-bit AES encryption (excluding your texts and e-mails but including group chat). AAA data is then only ever sent over an HTTPS connection. Data is AES encrypted on your device, during transmission and when stored in a HIPAA compliant data storage facility. We use SQL Server 'Always Encrypted' databases for storage. When you create a group and invite colleagues, we also use multi-factor security authentication and, on top of this, we time limit the invitations. Despite this, we know that there is no 100% secure system.
How secure is 256-bit AES encryption? Don't take our word for it: https://en.wikipedia.org/wiki/Brute-force_attack
"AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2^128 times more computational power than a 128-bit key. Fifty supercomputers that could check a billion billion (10^18) AES keys per second (if such a device could ever be made) would, in theory, require about 3×10^51 years to exhaust the 256-bit key space."
We exceed HIPAA and HITECH requirements.
BUT we recognise that your institution may not permit personally identifiable data to be recorded and held on your personal device. Well, don't. You are an intelligent human being and a dedicated professional, and we know that you will use the tools at your disposal to deliver the service and duty of care you need to supply. AAA is just a means to help you deliver the care you need with technology. How you choose to use that technology is, as always, up to you.
As for storage, your data is ultimately held in a Microsoft datacentre like the one in the picture below, but we also hold an additional copy of your data in an identical datacentre which is geographically remote (just in case).
A copy of the Azure HIPAA compliance statement can be found here.
Maintaining datacentres at this level of security and fault tolerance is extremely expensive, but due to the scale of Azure, the costs are drastically reduced and the technology is now widely available.