Security & Compliance

Built for healthcare. Secured by design.

Credric is engineered from the ground up for HIPAA compliance and enterprise security requirements. Every layer protects your organization's data.

AES-256 Encryption

All credentials, tokens, and sensitive data encrypted at rest with AES-256-GCM. Per-tenant encryption keys ensure complete data isolation.

Multi-Factor Auth

TOTP authenticator app support plus email-based one-time codes. Recovery codes for account access. Dual MFA for maximum protection.

Role-Based Access Control

Granular roles from organization admin to care team lead. Facility-scoped permissions restrict access to only relevant organizational units.

Complete Audit Trail

Every action logged with actor, IP, timestamp, resource, and full JSON details. HIPAA-grade 6-year retention with exportable CSV reports.

Access Reviews

Scheduled reconciliation campaigns compare PointClickCare state against identity sources. Detect drift, orphaned accounts, and unauthorized access.

Data Isolation

Complete data isolation for your organization. Every query scoped to your account. Your data is never accessible to other organizations — by design, not by policy.

Session Management

HTTP-only cookies, absolute session lifetime, IP and user-agent tracking. No session tokens in API responses. Account lockout on failed attempts.

Auto-Revocation

Temporary access with automatic account disabling. Template-based or per-user override windows. Scheduled cron enforcement.

  • HIPAA Compliant: Built for healthcare
  • Data Encryption: AES-256-GCM at rest
  • Global Edge Network: Powered by Cloudflare

Complete visibility into every action

Real-time error monitoring and a comprehensive audit trail for every provisioning action across your organization.

Audit log showing detailed action history with actor attribution, timestamps, and resource tracking

Every action logged with actor, timestamp, resource, and full change details

Error dashboard with categorized errors by severity and source

Categorized error tracking with suggested fixes and resolution workflow

Compliance in depth

Security isn't a feature we added — it's how Credric is built. Every layer of the platform is designed for healthcare compliance requirements.

Data Isolation

  • Every organization's data is completely isolated at the database level
  • Queries are scoped to your organization — by design, not by policy
  • No cross-tenant access is possible, even for platform administrators

Audit Trail

  • Every action logged with actor, timestamp, resource, and full change details
  • Audit logs retained for up to 6 years per HIPAA requirements
  • Exportable CSV reports for compliance audits
  • Searchable by actor, action, resource type, and date range

HIPAA Alignment

  • Access reviews support §164.312(a)(1) access controls
  • Role-based access supports §164.308(a)(4) access management
  • Complete audit trail supports §164.308(a)(1)(ii)(D) activity review
  • Encryption at rest meets §164.312(a)(2)(iv) requirements
Get Started

Ready to automate PointClickCare provisioning?

See how Credric can give your IT team back the hours they spend on manual account management — regardless of your infrastructure.
