- The Point-of-Care (POC) is HIPAA, PIPEDA, AUS Privacy Act, CCPA, and GDPR Compliant
- HIPAA Compliance & Business Associate's Agreement (BAA)
- PIPEDA Compliance
- AUS Privacy Act
- GDPR Compliance
- This POC is PCI Compliant
- This POC integrates with HIPAA-compliant Zoom
- Back Up Procedures
- Additional resources
The Point-of-Care (POC) is HIPAA, PIPEDA, AUS Privacy Act, CCPA, and GDPR Compliant #
HIPAA Compliance & Business Associate’s Agreement (BAA) #
- The Health Insurance Portability and Accountability Act (HIPAA) is a series of US regulations that protects personal health information. This POC is compliant with the HIPAA Privacy Rule, the HIPAA Security Rule, the HIPAA Breach Notification Rule, the HIPAA Administrative Safeguards, and the HIPAA Physical Safeguards.
Business Associates Agreements are in place with strategic partners and site sessions are encrypted with 512-bit Secure Socket Layer technology. A Business Associate’s Agreement with entities, and access to specific provider and client profiles is highly limited, regulated, and closely monitored. Team members have signed agreements in place accordingly.
PIPEDA Compliance #
- The Personal Information Protection and Electronic Documents Act (PIPEDA) is a series of Canadian regulations that protect personal health data. The POC’s infrastructure protects personal information in compliance with PIPEDA.
This POC is PCI Compliant #
What is PCI Compliance?
The Payment Card Industry Data Security Standard, a set of security measures designed to ensure a secure environment for transmitted credit card information. Our payment processor is certified as PCI Service Provider Level 1, the highest possible level. The POC tokenizes and encrypts all payment information and payment information is not stored by Metabolic Code®, nor accessible to anyone within the organization.
What Makes The POC PCI Compliant?
We partner with Stripe and Microsoft’s Azure on PCI compliance:
- Stripe’s compliance – https://stripe.com/docs/security/stripe
- Acutal certification – http://www.visa.com/splisting/searchGrsp.do?companyNameCriteria=stripe
Azure compliance – https://www.microsoft.com/en-us/trustcenter/Compliance/HIPAA
This POC integrates with HIPAA-compliant Zoom #
The HIPAA-compliant level of Zoom is available, which is the most secure version of Zoom available. HIPAA-compliant Zoom is used by hospitals, medical facilities, and clinics all over the world for end-to-end 256-bit AES encrypted and secure video and audio calls. This offers an added layer of protection over direct-to-consumer version of Zoom available to the public.
We also offers a built-in WebRTC solution for video chat that does not utilize Zoom. Providers can alternatively choose to utilize Zoom or our built in telehealth software, when they go to schedule a call.
Back Up Procedures #
Information held in the POC is secured and backed up regularly on our servers; we partner with AWS, Aptible, and Microsoft Azure to ensure that data is encrypted and prevent data loss. We keep full audit trails of information if ever needed. If you would like an export of your information for personal records, please send up as support ticket through the practitioner support page HERE.