HIPAA Compliance
Credsy Clinic is built from the ground up to meet HIPAA requirements. Protecting your providers' data isn't just a feature — it's foundational to everything we do.
Our Safeguards
Encryption
All protected health information (PHI) is encrypted at rest using AES-256 and in transit using TLS 1.3, so PHI is encrypted both while it is stored and while it moves over the network between clients and services.
Azure Infrastructure
Hosted on Microsoft Azure HIPAA-eligible services with a signed Business Associate Agreement (BAA) in place, backed by enterprise-grade compliance controls.
Access Controls
Role-based access controls and multi-factor authentication restrict PHI to authorized personnel, and every data access event is recorded in an audit log so that access can be reviewed and unauthorized activity detected.
Regular Audits
Annual third-party security assessments and continuous monitoring help us maintain a strong compliance posture and rapidly address emerging threats.
Business Associate Agreements
Credsy enters into Business Associate Agreements (BAAs) with all covered entities and subcontractors as required under HIPAA. Our BAA with Microsoft Azure covers all cloud infrastructure services used to store and process PHI, ensuring full chain-of-trust accountability.
Incident Response
Credsy maintains a documented breach notification procedure consistent with the HIPAA Breach Notification Rule. In the event of a confirmed breach, all affected parties and the U.S. Department of Health and Human Services (HHS) will be notified within the required regulatory timeframes.
Employee Training
All Credsy personnel complete mandatory HIPAA training upon onboarding and on an annual basis thereafter. Access to protected health information is strictly limited to personnel who require it to perform credentialing operations, and access rights are reviewed regularly.
Questions?
For compliance questions, please contact us at compliance@credsy.clinic.