This includes the quality of our technology, the experience and bedside manner of our doctors, and the clinical standards of our primary care practice and urgent care service. We set our bar higher than the law requires.
We have a comprehensive monitoring and auditing system that prevents fraud, waste, and abuse across the company. This includes medical records, billing and coding, treatments, prescriptions, and more.
Security and privacy matter for all types of data, and especially for healthcare data. Our Information Security and Compliance team is committed to protecting your and your family's data. We use numerous monitoring and security tools with the industry's best practices to safeguard your information and confidentiality.
HealthTap is the first virtual primary care physician practice to achieve Joint Commission accreditation for telehealth. This recognition reflects our commitment to the highest standards of healthcare quality and safety.
We maintain a Service Organization Control 2 (SOC 2) Type 2 certification. This means that our controls and systems for non-financial matters including security, availability, processing integrity, confidentiality, and privacy are audited and certified by an American Institute of Certified Public Accountants (AICPA)-accredited firm on a yearly basis. This SOC 2 Type 2 also measures our compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
We conduct penetration testing by third-party, independent firms that specialize in this service. We continuously improve our software development and engineering efforts based on the results of these tests. Additionally, Privacy Shield, General Data Protection Regulation 2016/679 (GDPR), and the upcoming California Consumer Privacy Act (CCPA) help shape our standards and policies.
Before a potential employee joins HealthTap, they undergo complete criminal, educational, and employment background checks. In their first week with the company, they receive privacy and security training and sign a legally binding non-disclosure and confidentiality agreement.
We have regular conversations about security and privacy, both to support HealthTap customers and to protect our own personal data. The HealthTap Information Security & Compliance team provides additional security awareness updates via email, blog posts, instant messaging, and presentations during internal events.
The only people who have access to data are those who need it to do their jobs. This role-based access control (RBAC) is integral to accessing all systems and data for HealthTap and is reviewed on a regular basis. To access our Production Network, individuals are required to use multiple factors of authentication and obtain permission beforehand. With every new project or initiative, part of the planning process involves identifying, assessing, and planning to address security and privacy considerations.
HealthTap incorporates compliance into data, product, and platform architecture, as well as the code we write. We safeguard the communications between you and HealthTap by using the industry's best practices for encryption, including Transport Layer Security (TLS) and Hypertext Transfer Protocol Secure (HTTPS) over public networks. TLS is also supported for the encryption of emails while in transit.
As minimum guidelines for our servers, networks, and other computing platforms, we use various industry standards and best practices from the Center for Internet Security (CIS), Cloud Security Alliance (CSA), and other organizations.
We design our apps, website, and product features to be easy to use and delightful to experience, constantly seeking and monitoring feedback from our members and making improvements based on what works and what doesn't.
We test and monitor the platform continuously to make sure our members and doctors don't experience any friction or outages related to giving or receiving care and quality information.
This team supports and coaches our doctors to ensure they are delivering care that demonstrates empathy, makes accurate and responsible clinical treatment decisions, and leaves patients feeling properly cared for.
This includes technology that makes it easy to order prescriptions and labs, obtain prior authorizations, make referrals, share records, and many other operational tasks that are otherwise cumbersome and time-consuming.
We not only strive to resolve issues as quickly as possible, but we're always thinking about ways to improve. To that end, we read and reply to every review, whether positive or negative, in a timely manner. We also systematically solicit feedback from our patients, doctors, and staff to ensure we're informed of new and evolving concerns and additional ways to enhance our service and systems.