Resiliens
Compliance

HIPAA Compliance

Protecting your health information with industry-leading security measures

End-to-End Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256).

Secure Infrastructure

HIPAA-compliant cloud with SOC 2 Type II certification.

Access Controls

Role-based access ensures only authorized personnel reach PHI.

Our Commitment

At Resiliens, we understand the sensitive nature of mental health information. When we work with healthcare providers, health plans, and other covered entities, we act as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We comply with all applicable requirements of the HIPAA Privacy Rule and Security Rule, including the HITECH Act amendments.

Business Associate Agreement

For covered entities and their partners, we offer a comprehensive Business Associate Agreement (BAA) that outlines our responsibilities and commitments for protecting PHI. Our BAA covers:

  • Permitted uses and disclosures of PHI
  • Administrative, physical, and technical safeguards
  • Breach notification procedures and timelines
  • Requirements for subcontractors handling PHI
  • Individual rights regarding their PHI
  • Termination provisions and data return/destruction
  • Documentation retention (minimum 6 years)
  • HHS audit compliance and cooperation

Administrative Safeguards

Comprehensive policies and procedures governing how we manage PHI.

Security Management

Regular risk assessments and mitigation strategies to identify and address potential vulnerabilities.

Workforce Security

Background checks, training, and access management for all employees who may encounter PHI.

Access Management

Role-based access controls with minimum necessary standards — staff only access the PHI they need.

Security Training

Regular HIPAA and security training for all team members, with ongoing education on emerging threats.

Incident Procedures

Documented procedures for identifying, reporting, and responding to security incidents.

Contingency Planning

Data backup, disaster recovery, and business continuity plans to ensure PHI availability.

Breach Notification

  • Promptly investigate and contain the breach
  • Notify covered entities within 60 days of discovery
  • Provide detailed breach information including PHI involved
  • Cooperate with notification obligations to individuals and HHS
  • Implement measures to prevent future breaches

Subcontractor Management

All subcontractors who may access PHI agree to the same restrictions and conditions that apply to us:

  • Sign appropriate Business Associate Agreements
  • Implement adequate security measures per HIPAA
  • Report security incidents promptly
  • Return or destroy PHI upon termination

Individual Rights

We support covered entities in fulfilling individual rights under HIPAA:

  • Access their Protected Health Information
  • Request amendments to their PHI
  • Receive an accounting of disclosures
  • Request restrictions on uses and disclosures
  • Receive confidential communications
  • Receive notification in the event of a breach

Request a Business Associate Agreement

If you’re a covered entity or business associate seeking to establish a BAA with Resiliens, please contact our compliance team.

Email: info@resiliens.com
