HIPAA Compliance

Ascerta is built from the ground up to meet HIPAA requirements. We take the security and privacy of Protected Health Information (PHI) seriously.

Our Commitment to HIPAA

As a healthcare technology provider, Ascerta operates as a Business Associate under HIPAA. We understand that protecting patient information is not just a legal requirement—it's a fundamental responsibility.

Our platform is designed to handle Protected Health Information (PHI) in compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule. We implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of all PHI.

We are committed to continuous improvement of our security posture and regularly update our practices to address emerging threats and regulatory changes.

Technical Safeguards

Data Encryption

All data is encrypted using AES-256 at rest and TLS 1.3 in transit.

Secure Infrastructure

Hosted on SOC 2 Type II certified cloud infrastructure with 99.99% uptime.

Access Controls

Role-based access control with multi-factor authentication required.

Audit Logging

Comprehensive audit trails for all PHI access and modifications.

Compliance Features

  • Business Associate Agreement (BAA) available
  • Annual third-party security audits
  • Regular penetration testing
  • Employee HIPAA training program
  • Incident response procedures
  • Data breach notification protocols
  • Minimum necessary access principle
  • Automatic session timeouts
  • Secure data disposal procedures
  • Regular risk assessments

Business Associate Agreement

Before uploading any PHI to Ascerta, Covered Entities must execute a Business Associate Agreement (BAA) with us. Our BAA outlines our responsibilities for protecting PHI and our commitment to HIPAA compliance.

Incident Response

In the unlikely event of a security incident involving PHI, we have established procedures to:

  • Immediately contain and investigate the incident
  • Notify affected Covered Entities within 24 hours of discovery
  • Provide detailed incident reports
  • Assist with breach notification requirements
  • Implement corrective actions to prevent recurrence

Questions About Our HIPAA Compliance?

Our security team is available to answer questions and provide additional documentation.