Data Security Measures

How we protect your health information with industry-leading security

Our Commitment to Security

At Texas Service Animals, we implement comprehensive security measures to protect your protected health information (PHI) in accordance with the HIPAA Security Rule. Our multi-layered security approach ensures your data remains confidential, intact, and available only to authorized personnel.

Confidentiality

Only authorized individuals can access your health information

Integrity

Your data is accurate and protected from unauthorized alteration

Availability

Your information is accessible when you need it

Compliance Standards
  • HIPAA Compliant
  • SSL/TLS Encrypted
  • SOC 2 Type II
  • PCI DSS Compliant

Technical Safeguards

We employ advanced technical measures to protect electronic PHI (ePHI):

Unique User Identification

Every user has a unique identifier for tracking access to ePHI. Shared accounts are strictly prohibited.

Automatic Logoff

Sessions automatically terminate after a period of inactivity to prevent unauthorized access.

Audit Controls

Comprehensive logging of all access to ePHI, including who accessed what and when.

Integrity Controls

Mechanisms to ensure ePHI is not improperly altered or destroyed.

Administrative Safeguards

Our administrative policies and procedures protect your information:

Security Officer

We have designated a Security Officer responsible for developing and implementing security policies and procedures.

Workforce Training

All employees receive comprehensive HIPAA training upon hiring and annually thereafter. Training covers privacy rules, security best practices, and breach reporting.

Risk Analysis

We conduct regular risk assessments to identify potential vulnerabilities and implement appropriate safeguards.

Business Associate Agreements

All third-party vendors with access to PHI sign Business Associate Agreements (BAAs) ensuring they comply with HIPAA requirements.

Physical Safeguards

Physical security measures protect the hardware and facilities where PHI is stored:

Facility Access Controls

Limited physical access to facilities with ePHI

Workstation Security

Policies for workstation use and physical security

Device Controls

Proper disposal and reuse of electronic media

Secure Data Centers

SOC 2 certified cloud infrastructure

Encryption

We use industry-standard encryption to protect your data both in transit and at rest:

Data in Transit
  • TLS 1.3 encryption for all connections
  • HTTPS enforced across all pages
  • Secure API communications
  • Encrypted email for sensitive data

Data at Rest
  • AES-256 encryption for stored data
  • Encrypted database backups
  • Encrypted file storage
  • Secure key management

Access Controls

We implement strict access controls to ensure only authorized personnel can access PHI:

Role-Based Access Control (RBAC)

Users only have access to the minimum information necessary for their job functions.

Multi-Factor Authentication (MFA)

All administrative access requires multi-factor authentication for additional security.

Strong Password Requirements

Complex passwords with minimum length, special characters, and regular expiration policies.

Account Termination

Immediate revocation of access when employees leave or change roles.

Monitoring & Auditing

Continuous monitoring helps us detect and respond to security threats:

Real-Time Monitoring

24/7 system monitoring for suspicious activity

Audit Logs

Comprehensive logs of all access to PHI

Vulnerability Scanning

Regular security scans to identify weaknesses

Penetration Testing

Annual security testing by third parties

Breach Response

In the unlikely event of a security breach, we have comprehensive response procedures:

Our Breach Response Process
  1. Identification: Detect and confirm the breach
  2. Containment: Stop the breach and prevent further damage
  3. Investigation: Determine the scope and impact
  4. Notification: Notify affected individuals within 60 days as required by HIPAA
  5. Remediation: Implement measures to prevent future incidents
  6. Reporting: Report to HHS and media if required

We maintain a detailed Incident Response Plan and conduct regular drills to ensure our team is prepared to respond quickly and effectively to any security incident.

Have questions about our security measures? Contact our Security Officer at security@texasserviceanimals.net
