HIPAA isn't a checkbox. It's the architecture.
VerifyMD handles protected health information on every call. Our entire platform — from voice agent infrastructure to data storage to client-facing dashboards — is engineered for HIPAA compliance from the ground up.
Security at every layer of the stack.
Encryption at Every Layer
All data — voice recordings, transcripts, verification certificates — is encrypted with 256-bit AES at rest and TLS 1.3 in transit. No PHI is ever stored in plaintext.
Business Associate Agreements
VerifyMD executes a BAA with every client firm. Our infrastructure partners (cloud hosting, telephony, storage) are also covered under executed BAAs.
Access Controls & Audit Logs
Role-based access controls ensure only authorized personnel can view case data. Every access event is logged with timestamps, user IDs, and IP addresses for full auditability.
Data Retention & Disposal
PHI retention policies are configurable per firm. When data is deleted, it's permanently purged from all systems — including backups — within the HIPAA-required timeframe.
Full HIPAA safeguard coverage.
Administrative Safeguards
- Designated Privacy & Security Officers
- Workforce training on PHI handling
- Incident response & breach notification procedures
- Ongoing risk assessments and remediation
Physical Safeguards
- SOC 2 Type II certified data centers
- No on-premise PHI storage
- Facility access controls at hosting providers
- Media disposal procedures for all storage devices
Technical Safeguards
- 256-bit AES encryption at rest
- TLS 1.3 encryption in transit
- Role-based access controls (RBAC)
- Comprehensive audit logging & monitoring
Need a BAA?
We execute Business Associate Agreements with every client. Schedule a call and we'll have yours ready before onboarding.