Better days start with better nights.

Empower your patients with sleep quality insights.

Terms of Service | Privacy Policy | Security Statement

Security Statement


SleepStudy is dedicated to protecting all customer data using industry best standards.

Many of our customers demand the highest levels of data security, and have tested our services to verify that it meets their standards. In each case, we have surpassed expectations and received high praise from large international organizations.

SleepStudy’ most important concern is the protection and reliability of customer data. Our servers are protected by high-end firewall systems, and scans are performed regularly to ensure that any vulnerabilities are quickly found and patched. All services have quick failover points and redundant hardware, with complete backups performed nightly.

Most important is our confidential system component design. It uses multiple checks to certify that packets from one subsystem can only be received by a designated subsystem. Access to systems is severely restricted to specific individuals, whose access is monitored and audited for compliance.

Customer data are stored in a specific location; it does not float around in the “cloud.” In addition, all data are processed in that location, and are not moved to another jurisdictional area. In other words, if data are collected in the U.S., all data are processed in the U.S.

SleepStudy uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. Our services are hosted by ISO 27001 certified trusted data centers that are independently audited using the industry standard SSAE-16 method.

SleepStudy deploys the general requirements set forth by many Federal Acts, including the FISMA Act of 2002. We meet or exceed the minimum requirements as outlined in FIPS Publication 200.

Since our subscribers control their users and their data, it is important for the users to practice sound security practices by using strong account passwords and restricting access to their accounts to authorized persons

Regarding HIPAA, HITECH, and specific data types: SleepStudy provides software and other services where all data are processed equally, without regard to how a customer might classify their data. As such, SleepStudy cannot declare or represent any data entered into its services. Any processing of specific data types are purely incidental, and not required to use the services.

HITECH (Health Information Technology for Economic and Clinical Health Act) updated HIPAA rules to ensure that data are properly protected and best security practices followed. SleepStudy safeguards all customer data, and uses secure data centers to ensure the highest protection as per HITECH requirements.


Better days start with better nights.