HIPAA Compliance
Last updated: September 6, 2025
Important Notice
Tendral Health's survey platform is designed for healthcare market research and does not collect, process, or store Protected Health Information (PHI) as defined by HIPAA. While we maintain stringent security measures, our platform operates outside the scope of HIPAA requirements as we do not handle patient data.
Security Safeguards
Enterprise-grade encryption, access controls, and regular security audits protect all data
Access Controls
Role-based permissions, multi-factor authentication, and audit logging for all access
Data Integrity
Automated backups, data validation, and integrity checks ensure data accuracy
Our Approach to Healthcare Data Security
While Tendral Health's survey platform does not fall under HIPAA jurisdiction because we do not handle Protected Health Information (PHI), we maintain security standards that meet or exceed HIPAA technical safeguards to ensure the highest level of data protection for our users.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards to protect patients' medical records and other personal health information. HIPAA applies to covered entities (healthcare providers, health plans, and healthcare clearinghouses) and their business associates who handle PHI.
Tendral Health's Data Handling
Our platform collects and processes:
- Professional credentials and verification data
- Survey responses related to clinical opinions and market research
- Aggregated, anonymized research insights
- Account and payment information
We explicitly do not collect: patient names, medical record numbers, individual patient health information, or any other PHI.
Security Measures
Administrative Safeguards
- Security officer designation
- Workforce training and management
- Access management procedures
- Security incident procedures
Physical Safeguards
- Facility access controls
- Workstation security
- Device and media controls
Technical Safeguards
- Unique user identification
- Automatic logoff
- Encryption and decryption
- Audit logs and reports
- Data integrity controls
- Transmission security
Business Associate Agreements (BAAs)
Since Tendral Health does not handle PHI, we typically do not enter into Business Associate Agreements. However, we maintain vendor agreements with all our service providers that include strict confidentiality and security requirements.
Data Breach Response
In the unlikely event of a data breach, we have established procedures to:
- Immediately contain and assess the breach
- Notify affected users within 72 hours
- Cooperate with regulatory authorities
- Implement corrective measures
- Document all actions taken
Compliance Certifications
While HIPAA certification is not applicable to our platform, we maintain:
- SOC 2 Type II certification
- Regular third-party security audits
- Penetration testing
- Vulnerability assessments
For Healthcare Organizations
If you're a healthcare organization considering Tendral Health for market research:
- Our platform is designed to keep your research activities separate from patient care
- We provide tools to ensure no PHI is inadvertently shared in survey responses
- Our security measures align with healthcare industry best practices
- We can provide detailed security documentation upon request
Questions About Our Security Practices?
If you have questions about our security measures or need additional information for your compliance team, please contact us:
- Email: security@tendralhealth.com
- Phone: +1 (555) 123-4567
- Security Documentation: Available upon request with NDA