HIPAA Compliance Statement

AnswerClinic Commitment to Security and Privacy

1. Overview

At AnswerClinic, we are committed to protecting the privacy and security of Protected Health Information (PHI). We understand that as a healthcare technology provider, our robust adherence to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the HITECH Act is essential for our users ("Covered Entities").

This statement outlines the administrative, physical, and technical safeguards we have implemented to ensure the confidentiality, integrity, and availability of PHI.

2. Business Associate Agreement (BAA)

AnswerClinic operates as a Business Associate to our healthcare provider clients. We are fully prepared to execute a Business Associate Agreement (BAA) with your medical practice. This agreement legally binds us to protect your patients' data in accordance with federal regulations.

3. Technical Safeguards

We employ industry-standard encryption and security protocols to protect data:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) 1.2 or higher.
  • Encryption at Rest: Sensitive medical data and files stored in our databases and file systems (via Google Cloud Firestore and AWS S3) are encrypted using the Advanced Encryption Standard (AES-256).
  • Access Control: We implement strict Role-Based Access Control (RBAC). Only authorized personnel with a legitimate business need can access the backend infrastructure.
  • Secure Communication: Teleconsultations and voice data processed via Twilio are secured and compliant with HIPAA transmission standards.

4. Physical and Infrastructure Safeguards

AnswerClinic does not host its own physical servers. We leverage the world-class, HIPAA-compliant infrastructure of trusted third-party providers:

  • Amazon Web Services (AWS)
  • Google Cloud Platform (Firebase)
  • Twilio

These providers maintain ISO 27001 certification and strictly controlled physical data centers with 24/7 surveillance and biometric access controls.

5. Administrative Safeguards

  • Staff Training: All AnswerClinic employees and contractors undergo privacy and security training regarding the handling of PHI.
  • Minimum Necessary Standard: We request and use only the minimum amount of PHI necessary to perform our services and improve the App.
  • Audit Logs: We maintain logs of system access and activity to detect and investigate any potential security anomalies.

6. Data Breach Notification

In the unlikely event of a data breach compromising unsecured PHI, AnswerClinic has a defined incident response plan. We will notify the affected Covered Entity (the Provider) without unreasonable delay and in no case later than 60 days following the discovery of the breach, as required by law.

7. Contact Us

For questions regarding our HIPAA compliance program or to request a signed BAA for your records, please contact our Compliance Officer:

Name: Dr. Peter Hanna

Email: info@answerclinic.com

Address: 8950 SW 74th CT Suite 1408, Miami FL 33156