HIPAA Compliance
At Twisal, we understand that protecting Protected Health Information (PHI) is critical for our healthcare clients. Our systems and processes are designed to meet or exceed the requirements of the Health Insurance Portability and Accountability Act (HIPAA).
1. Business Associate Agreements (BAA)
We sign Business Associate Agreements (BAAs) with all of our healthcare clients. This legally binding document outlines our responsibilities as a Business Associate in safeguarding any PHI that passes through the infrastructure we build and manage for you.
2. Data Security & Encryption
We employ robust security measures to ensure that PHI remains secure both in transit and at rest:
- In Transit: All data transmitted between our servers, your website, and third-party integrations is encrypted using industry-standard TLS/SSL protocols.
- At Rest: Data stored within our CRM and database environments is encrypted using AES-256 encryption.
3. Access Controls
Access to systems containing PHI is strictly controlled and monitored:
- Role-Based Access: Only authorized personnel with a legitimate business need have access to systems that may contain PHI.
- Authentication: Strong password policies and multi-factor authentication (MFA) are enforced for all internal access to sensitive environments.
4. Audit Controls and Monitoring
Our infrastructure includes comprehensive logging and auditing capabilities:
- We maintain detailed audit logs of system access and activity.
- Logs are regularly reviewed to detect and respond to any unauthorized access attempts or anomalous behavior.
5. Employee Training
All Twisal team members who handle or have access to PHI undergo regular HIPAA compliance and security awareness training to ensure they understand their responsibilities in protecting patient data.
6. Incident Response
In the unlikely event of a security incident involving PHI, we have an established incident response plan to quickly identify, contain, and mitigate the issue. We will notify affected clients in accordance with the HIPAA Breach Notification Rule and the terms of our BAA.
7. Third-Party Integrations
We carefully vet all third-party tools and vendors used in our technology stack to ensure they also maintain HIPAA compliance and are willing to sign BAAs where applicable.
Questions About Compliance?
If you have specific questions about our HIPAA compliance measures or need to request a Business Associate Agreement, please contact our compliance team at compliance@twisal.com.