HIPAA COMPLIANCE

Chattycare is built from the ground up to meet HIPAA requirements for protecting patient health information.

BAA Available

We sign Business Associate Agreements with all covered entity customers.

Encrypted Data

AES-256 encryption at rest, TLS 1.3 in transit for all PHI.

Audit Logging

Comprehensive logs of all access to protected health information.

Secure Infrastructure

SOC 2 Type II compliant cloud infrastructure with access controls.

Our Commitment to HIPAA Compliance

As a Business Associate under HIPAA, Chattycare implements administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of protected health information (PHI) processed through our platform.

We understand that healthcare practices trust us with sensitive patient data, and we take that responsibility seriously.

Technical Safeguards

  • Encryption: All data is encrypted using AES-256 at rest and TLS 1.3 in transit
  • Access Controls: Role-based access control (RBAC) ensures users access only the data they need
  • Authentication: Multi-factor authentication available for all accounts
  • Audit Logs: Immutable logs track all access and modifications to PHI
  • Automatic Logoff: Sessions time out after periods of inactivity
  • Unique User IDs: Every user has a unique identifier for accountability

Administrative Safeguards

  • Security Officer: Designated security officer responsible for HIPAA compliance
  • Employee Training: All team members complete HIPAA training annually
  • Risk Assessments: Regular security risk assessments and remediation
  • Incident Response: Documented procedures for security incident handling
  • Vendor Management: All subcontractors sign BAAs and meet security requirements

Physical Safeguards

  • Data Center Security: SOC 2 Type II certified data centers with 24/7 monitoring
  • Access Controls: Physical access to servers restricted to authorized personnel
  • Workstation Security: Policies for secure workstation use and device management

Business Associate Agreement

We provide a Business Associate Agreement (BAA) to all healthcare customers. The BAA outlines:

  • Permitted uses and disclosures of PHI
  • Safeguards we implement to protect PHI
  • Breach notification procedures
  • Requirements for subcontractors
  • Termination provisions and data return/destruction

Breach Notification

In the event of a security incident involving PHI, we will notify affected covered entities within 24 hours of discovery. We maintain detailed incident response procedures and work with customers to meet all HIPAA breach notification requirements.

Shared Responsibility

HIPAA compliance is a shared responsibility. While Chattycare provides a compliant platform, covered entities are responsible for using the service appropriately, training their staff, and configuring settings in accordance with their own policies.

Request BAA or Compliance Documentation

To request a Business Associate Agreement or additional compliance documentation, contact us:

Mitryco, LLC

Representative: Dmytro Loza

1111B S Governors Ave, STE 23705

Dover, DE 19904, United States

Phone: (585) 304-2924

Email: dmitry@mitryco.com