HIPAA Compliance

Our commitment to protecting Protected Health Information (PHI)

Our Commitment to HIPAA Compliance

TallyCare is built to help organizations maintain compliance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA").

We implement administrative, technical, and physical safeguards to protect Protected Health Information ("PHI").

Administrative Safeguards

  • Business Associate Agreements (BAAs) with customers when required
  • Workforce training for personnel with PHI access
  • Role-based access and minimum-necessary principles
  • Comprehensive audit logging and monitoring
  • Breach-notification procedures compliant with 45 CFR §164 Subpart D

Technical Safeguards

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest
  • Secure authentication and access controls
  • Audit trails for PHI access and changes
  • Intrusion detection systems
  • Secure and encrypted backups

Physical Safeguards

  • HIPAA-compliant hosting infrastructure
  • Restricted access to all production systems
  • Redundant and fault-tolerant environments

Customer Responsibilities

Your organization is responsible for:

  • Training your staff on HIPAA and internal policies
  • Managing who has access to PHI
  • Ensuring lawful data entry
  • Configuring user permissions appropriately
  • Ensuring record retention in accordance with applicable state rules

Business Associate Agreements

TallyCare executes BAAs with Covered Entities and Business Associates who add PHI to the platform.

To request a BAA, contact: contact@tallycare.app

Breach Reporting

In the event of a breach or suspected breach, we will notify customers according to HIPAA's Breach Notification Rule.