Security & Compliance

Elevated PHI protection
‍Our system follows strict HIPAA and HITECH standards for encrypted PHI transmission and storage of PHI.

Third party vetting
‍All third party vendors that store, process, access, or manage PHI are required to enter into a HIPAA Business Associate Agreement.

Encrypted data exchange
Encrypted record sharing, messaging, and reminders ensure safe communication between your practice and your clients.

North American data storage
All data that is shared with TherapyAppointment is stored and processed in North America, including third party processors.

Real-time backup
‍Your data is backed up nightly in multiple locations in compliance with HIPAA disaster recovery mandates.

24/7 data monitoring
We use a complex system of monitoring, including regular integrity testing, to keep your data safe 24/7.

Vetted business partners
We fully vet our partners to ensure they meet compliance requirements and are committed to the same level of protection that we provide.

Validated encryption solutions
We leverage industry validated encryption solutions to protect all data transmitted or stored by our system.

Limited risk of downtime
Our servers and networks leverage redundant designs to maximize availability and limit the risk of application downtime.

Account privacy protection
We offer two-factor authentication and require 12-character or stronger passwords.

Employee access settings
Job-based roles and permissions let you configure and enforce security and compliance settings for your staff.

Free data storage
Free unlimited data storage allows you to safely store digital records for the legally required amount of time.

‍
Comprehensive audit trails
‍Our software includes self-service audit trails so you can quickly detect unauthorized access or misuse of records.