HIPAA Compliance

Our approach to healthcare data security and privacy protection.

Important Notice

Tendral Health's survey platform is designed for healthcare market research and does not collect, process, or store Protected Health Information (PHI) as defined by HIPAA. While we maintain stringent security measures, our platform operates outside the scope of HIPAA requirements as we do not handle patient data.

Our Approach to Healthcare Data Security

While Tendral Health's survey platform does not fall under HIPAA jurisdiction because we do not handle Protected Health Information (PHI), we maintain security standards that meet or exceed HIPAA technical safeguards to ensure the highest level of data protection for our users.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards to protect patients' medical records and other personal health information. HIPAA applies to covered entities (healthcare providers, health plans, and healthcare clearinghouses) and their business associates who handle PHI.

Tendral Health's Data Handling

Our platform collects and processes:

  • Professional credentials and verification data
  • Survey responses related to clinical opinions and market research
  • Aggregated, anonymized research insights
  • Account and payment information

We explicitly do not collect: Patient names, medical record numbers, individual patient health information, or any other PHI.

Security Measures

Administrative Safeguards

  • Security officer designation and oversight
  • Workforce training and management protocols
  • Access management procedures
  • Security incident response procedures

Physical Safeguards

  • Facility access controls
  • Workstation security policies
  • Device and media controls

Technical Safeguards

  • Unique user identification
  • Automatic session timeout
  • Encryption for data in transit and at rest
  • Comprehensive audit logs and reports
  • Data integrity controls
  • Transmission security (TLS 1.3)

Business Associate Agreements (BAAs)

Since Tendral Health does not handle PHI, we typically do not enter into Business Associate Agreements. However, we maintain vendor agreements with all our service providers that include strict confidentiality and security requirements.

Data Breach Response

In the unlikely event of a data breach, we have established procedures to:

  • Immediately contain and assess the breach
  • Notify affected users within 72 hours
  • Cooperate with regulatory authorities
  • Implement corrective measures
  • Document all actions taken

Security Certifications

While HIPAA certification is not applicable to our platform, we maintain:

  • SOC 2 Type II compliant infrastructure (via Supabase)
  • Regular third-party security audits
  • Penetration testing
  • Vulnerability assessments

For Healthcare Organizations

If you're a healthcare organization considering Tendral Health for market research:

  • Our platform is designed to keep your research activities separate from patient care
  • We provide tools to ensure no PHI is inadvertently shared in survey responses
  • Our security measures align with healthcare industry best practices
  • We can provide detailed security documentation upon request

Questions About Our Security Practices?

If you have questions about our security measures or need additional information for your compliance team, please contact us:

Email: security@tendralhealth.com
