HIPAA Compliance
Hospital-grade security for athletic medical records
foß handles Protected Health Information (PHI) in accordance with the HIPAA Privacy, Security and Breach Notification Rules. We apply the same categories of administrative, physical and technical safeguards that hospitals and medical facilities use to protect athlete medical records, wellness data and injury information.
Our HIPAA Compliance Measures
Encryption in Transit and at Rest
All PHI is encrypted in transit (TLS 1.3) and at rest (AES-256-GCM)
Access Controls
Role-based access control with audit logging for all PHI access
Secure Storage
Data centers with physical and logical access controls suitable for PHI
Breach Notification
Documented incident response procedures and breach notification in line with the HIPAA Breach Notification Rule (45 CFR 164.400-414)
Regular Audits
Third-party security audits and penetration testing
BAA Available
Business Associate Agreements for enterprise customers
Summary of Controls
- AES-256-GCM encryption for all Protected Health Information (PHI) at rest, TLS 1.3 in transit
- Role-Based Access Control (RBAC) enforcing the HIPAA minimum-necessary standard
- Audit trails for every access to a medical record
- Automatic session timeouts and re-authentication
- Business Associate Agreements (BAA) for enterprise customers
- Regular third-party security audits and penetration testing
For questions about our HIPAA compliance, security measures, or to report a potential security incident, contact us at support@foß.de