EMS Survey Team
Request a Demo
Trust Center

Our Commitment to Security & Trust

At EMS Survey Team, we recognize that the data you entrust to us—from patient feedback to operational metrics—is your most valuable asset. Our Trust Center serves as a transparent resource to outline the rigorous standards, technologies, and processes we employ to ensure your data remains secure, private, and available.

  • Commitment to PHI: We maintain a security-first culture dedicated to protecting Protected Health Information (PHI) and sensitive PII.
  • Regulatory Alignment: Our systems are designed to comply with HIPAA requirements and align with industry-recognized security frameworks.
  • Resilient Operations: We provide high-level uptime and proactive monitoring to ensure your insights are available when you need them most.

Security & Compliance

Security & compliance at EMS Survey Team is our highest priority. All employees undergo mandatory security awareness and HIPAA compliance training upon hire and annually thereafter.

  • Role-Based Access Controls (RBAC): Applying the principle of least privilege for all system access.

  • Access Management: Formal user provisioning and deprovisioning procedures.

  • Authentication: Multi-factor authentication (MFA) is required for administrative accounts.

  • Vendor Management: Strict risk management and evaluation for all integrated platforms.

  • Training & Operations: Comprehensive security awareness training and documented operational procedures for all staff.

  • Incident Response: Formally documented incident response procedures.

EMS Survey Team leverages infrastructure providers and partners that maintain world-class compliance programs. Our platform ecosystem is supported by vendors with frameworks and certifications that include:
  • SOC 2
  • ISO 27001
  • HIPAA-aligned infrastructure controls
  • GDPR-aligned data protection practices (where applicable)

EMS Survey Team maintains documented procedures to respond to security incidents.

These procedures include:

  • Identification and investigation of potential security events

  • Containment and remediation procedures

  • Notification processes when required

  • Review and improvement of security controls following incidents

Data Minimization

We only collect and process the specific data elements required to perform survey analytics and reporting. We do not “mine” your data for secondary purposes.

Purpose-Driven Access

Access to customer data is strictly limited to authorized EMS Survey Team personnel specifically tasked with providing technical or customer support for your account.

Privacy by Contract

Our privacy commitments are codified directly within our Contract Agreement and Business Associate Agreement (BAA). These documents legally bind us to industry-standard data protection, confidentiality, and breach notification protocols.

No Third-Party Selling

EMS Survey Team does not sell, rent, or lease customer or patient data to third parties. Data sharing is limited exclusively to the sub-processors listed in this Trust Center who are essential to delivering our service.

Infrastructure Hosting & Subprocessors

EMS Survey Team leverages trusted, globally recognized cloud providers to host and operate its platform infrastructure. These providers operate hardened data centers with strict physical and environmental security controls. We also integrate specialized vendors to provide specific platform functionality.

All vendors are evaluated for their security posture and maintain their own published trust centers and compliance programs.

Partner Trust Centers

Qualtrics

Qualtics is the industry-leading provider in Patient Experience (PX) surveys and reporting.
Qualtrics Trust Center

Microsoft

Microsoft Azure stores & validates data intake files & configurations.
Microsoft Service Trust

Google

A HIPAA-compliant Google Workspace is used for file storage and email.
Google Trust Center

RevSpring

RevSpring prints and mails our patient experience surveys.
RevSpring Trust Center

Nanonets

Nanonets is an industry-leading Intelligent Document Provider (IDP)
Nanonets Trust Center

  • Encryption in Transit: All data in transit is encrypted using TLS 1.2 or higher.

  • Encryption at Rest: Encryption standards are rigorously maintained through our cloud infrastructure providers.

  • Access Control: Access to systems is strictly restricted to authorized personnel, with privileged access limited and continuously monitored.

  • Monitoring & Logging: System activity and infrastructure events are logged. Continuous monitoring processes help identify and investigate unusual activity.

  • Network Security: Our cloud platforms provide built-in network security controls, firewalls, and malicious traffic protection.

Our infrastructure partners provide high availability and resiliency through distributed cloud infrastructure.

Key protections include:

  • Redundant infrastructure

  • Cloud data center resiliency

  • Disaster recovery capabilities provided through cloud platforms

These controls support the availability and continuity of EMS Survey Team services.

Survey & Dashboard Environment

Our user-facing survey engine and reporting dashboards are hosted by Qualtrics, a global leader in experience management. This ensures a seamless, accessible, and highly available interface for both patient surveys and data analysis.

Backend & Data Services

Data intake, processing, and print exporting are powered by Microsoft Azure. This allows us to maintain a secure, scalable backend for complex data handling and reporting.

Mailing Patient Experience Surveys

We partner with RevSpring to handle the printing and fulfillment of mailed paper surveys. RevSpring provides secure, state-of-the-art print and mail services that allow us to reach patients in every zip code. Their HIPAA-compliant facilities ensure that physical survey mailers are generated, tracked, and delivered with the same level of security as our digital offerings.

OCR Processing

We partner with Nanonets, an industry-leading Intelligent Document Processor (IDP) to process mailed patient experience responses by analyzing paper scans with OCR and AI processing using pre-trained models.

Customer Responsibility

Security is a Shared Responsibility. While we secure the platform and infrastructure, customers are responsible for:

User Management

Provide provisioning and access details for user on-boarding and off-boarding.

Credential Hygiene

Ensure your users utilize strong passwords and follow internal security policies.

Content Safety

Ensure PHI is only included in secure fields, and all EMS Survey Team processing procedures are followed.

Responsible Disclosure

If you believe you have discovered a security vulnerability related to our systems or services, please report it to our security team for immediate review. All legitimate reports will be reviewed and investigated promptly.

Artificial Intelligence (AI) Usage in our Platform

At EMS Survey Team, we are committed to transparency, data security, and accuracy. As part of our ongoing efforts to improve our service delivery and analytical capabilities, our platform utilizes Artificial Intelligence (AI) in specific, targeted areas of the survey lifecycle.

To help you understand exactly how your data is handled, we have outlined the specific stages where AI is—and is not—utilized within our system.

Where AI is Utilized

We leverage secure, industry-leading AI tools strictly to improve processing speed, accuracy, and data insights during the final stages of the survey lifecycle:

  • Processing Mailed Surveys (Optical Character Recognition):
    For physical surveys that are mailed back to us, our platform utilizes Nanonets, which features a dedicated AI model for Optical Character Recognition (OCR). This model is specifically trained on our unique survey structure, allowing our system to read, digitize, and process scanned physical survey responses much faster and with a higher degree of accuracy than traditional manual entry.
  • Survey Dashboard Results (Sentiment Analysis): To provide actionable insights from patient feedback, our survey dashboards utilize the Qualtrics Text iQ functionality. This tool is applied exclusively to the open-ended comments provided by patients on their surveys (e.g., “Is there anything else you would like to share about your experience with the medics?”). Text iQ uses AI to analyze the sentiment and category of the text, helping agencies quickly identify highlights in service quality as well as pinpointing specific areas for improvement.

Where AI is not Utilized

We believe in strict, deterministic data handling for the core foundational steps of our survey process. AI is not used in any of the following stages:

  • Encounter Data Provision: Receiving encounter files from our clients.
  • Encounter Data Validation: Checking and validating the provided encounter data.
  • Survey Distribution: The process of sending out surveys to patients.
  • Survey Completion: The interface and process where patients actively take and submit their surveys.

Security Reviews

We understand that healthcare organizations and public safety agencies must maintain rigorous Vendor Risk Management (VRM) programs. EMS Survey Team is committed to supporting your compliance and security evaluation processes by providing the transparency and documentation you need.

Because we leverage a hybrid infrastructure, our security review process is designed to provide you with both our internal administrative safeguards and the verified compliance reports of our infrastructure partners.

Through our security review process, you can request:

  • Execution or review of Business Associate Agreements (BAAs).

  • Responses to standard security and compliance questionnaires.

  • Attestations and compliance documentation for our primary infrastructure providers (such as SOC 2 or ISO 27001 reports for Microsoft Azure and Google Cloud).

  • Further details regarding our internal access controls, data routing, or incident response policies.