HIPAA Compliant Statement
True AfterCare, LLC (TAC) is committed to and has implemented many safeguards to ensure its devices, services, websites and data systems (collectively “Products”) are compliant with the regulations and conditions set forth in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This Statement is not intended to take the place of a Business Associate Agreement.
TAC is committed to continuous improvement to ensure its Products incorporate state-of-the-art information technology privacy and security measures. We are committed to keeping all PHI (Protected Health Information) that is entrusted to us private and secure. We have instituted policies and procedures to ensure this data is kept confidential, including, but not limited to, the following:
Security is a top priority for TAC; therefore, access to patient data is strictly controlled. All employees are required to sign a confidentiality agreement as a condition of their employment. Additionally, TAC has initiated formal practices to assign appropriate personnel access to data, and actions are in place to govern the proper movement and handling of that data.
TAC and its data center are physically secure. Access to the building and offices is independently controlled via card access at each level, preventing walk-up intrusion, especially after hours. TAC’s entire network infrastructure data center is in a secured and locked facility with a first-tier hosting provider that holds certifications such as SSAE 16 Type II SOC 1, 2 and 3, as well as SOC 27001. The hosting provider maintains security of the facility at all times and no one is permitted to enter the structure without proper access. Production hosting equipment is dedicated to our environment and is segmented from any other customers or providers.
To further protect sensitive data, TAC enforces a unique software architecture that includes various database audit logging, data integrity systems and verified backups, entity authentication programs, digital certificates, and increasing measures to provide better data integrity and encryption.