HIPAA Compliant

Privacy & Security Rule Safeguards

AES-256 Encrypted

At Rest & TLS 1.3 In Transit

BBB A+ Rated

Better Business Bureau Accredited

CMS-Compliant

Medicaid Enrollment Protocols

Multi-State Licensed

FL, AL, GA, TX, KS, MS & More

FL Sheriffs Association

Corporate Sponsor

AL Sheriffs Association

Corporate Sponsor

Audit-Ready Documentation

Export-Ready for Regulators

AWS Cloud Hosted

Amazon Web Services Infrastructure

US-Based Data Residency

AWS us-east-1 & Virginia Region

Built for Institutional Trust

HealthCred’s infrastructure is designed around the compliance, security, and documentation standards that correctional healthcare environments demand.

Request a Compliance Overview

Security Architecture

Multiple layers of protection for protected health information

Data Security

Encryption at rest using AES-256 standard
Encryption in transit using TLS 1.3
Secure cloud infrastructure with redundancy and failover
Regular third-party security assessments
Secure data deletion protocols aligned with NIST standards

Access Controls

Role-based access control (RBAC) aligned with job functions
Multi-factor authentication (MFA) for all user accounts
Principle of least privilege for data access
Session management with automatic timeout protocols
Audit logging of all system access and data interactions

HIPAA Compliance

Structured safeguards for protected health information

Privacy & Security Safeguards

Privacy Rule compliance for all protected health information (PHI)
Security Rule technical and administrative safeguards
Breach notification procedures meeting HIPAA timelines
Mandatory workforce training on HIPAA obligations
Regular compliance audits and risk assessments

Documentation & Oversight

BAA executed with every facility partner
Documented policies and procedures for PHI handling
Designated privacy and security officers
Incident tracking and remediation workflows
Annual compliance reviews and policy updates

Business Associate Agreement (BAA)

HealthCred executes a Business Associate Agreement with every facility partner, establishing legal obligations for protecting Protected Health Information. The BAA covers:

Definition of permitted uses and disclosures of PHI
Safeguarding requirements and security controls
Breach notification procedures and timeline compliance
Audit and access rights for covered entities
Subcontractor obligations and liability
Data return or destruction upon contract termination

Audit, Device Security & Incident Response

Comprehensive oversight and rapid response capabilities

Audit & Documentation

Comprehensive audit logging of all system activities
Immutable documentation of consent and data access
Automated audit trail generation for compliance review
Data retention policies aligned with state law
Export-ready documentation for regulatory auditors
Real-time compliance dashboards for oversight teams

Device Security

Secure device protocols for facility kiosks and terminals
Remote management capabilities for deployed devices
Automatic locking on device inactivity
Anti-tampering mechanisms and integrity verification
Compliance with facility physical security requirements

Incident Response

Documented incident response plan with escalation procedures
Security operations monitoring and alerting
Breach investigation protocols meeting HIPAA requirements
Incident containment and recovery procedures
Regulatory notification and timeline compliance
Post-incident analysis and remediation tracking

Regulatory & Standards Alignment

Designed to support correctional health and data security standards

CMS Compliance Framework

HealthCred’s enrollment infrastructure follows CMS-compliant protocols for Medicaid eligibility verification, Special Enrollment Period (SEP) documentation, and marketplace enrollment.

Multi-State Licensing & Agent Compliance

HealthCred maintains active agent licensing across multiple states including Florida, Georgia, Kansas, and Texas. All agents operate under structured Agent of Record (AOR) controls with documented compliance oversight.

NCCHC Standards Awareness

HealthCred’s operations align with NCCHC standards for health information management, confidentiality, and data security in correctional settings. Our infrastructure supports facilities pursuing NCCHC accreditation.

ACA Standards Awareness

HealthCred’s infrastructure supports compliance with ACA standards for information management, including data protection, access controls, and audit documentation.

Federal Compliance Framework

Operations comply with federal requirements including HIPAA, 42 CFR Part 2, CMS Conditions of Participation, and Medicare/Medicaid regulations governing eligibility and billing.

State-Specific Requirements

Correctional healthcare is subject to state-specific regulations. HealthCred maintains operational awareness of state Medicaid rules, data breach notification laws, and correctional health standards.

HealthCred’s infrastructure is designed to support facilities pursuing industry certifications and accreditations. Specific certification details are available upon request from our compliance team.

Continuous Oversight & Accountability

Mechanisms that support institutional confidence

Real-Time Compliance Dashboards

County leadership and compliance officers have access to real-time dashboards showing HealthCred activities, access logs, and audit trails.

Independent Audits

HealthCred supports independent security audits and compliance reviews by county auditors, state regulators, and third-party assessors. All documentation is audit-ready.

Regulatory Support

Our team supports facility compliance with state health department oversight, correctional inspection bodies, and federal audits.

Incident Escalation

Any security or compliance incident is reported to facility leadership and appropriate regulatory bodies per state law and contractual obligations.