Security Policy

At GuidePT, a division of Rehabilitation Health, LLC, we are committed to protecting the privacy and security of our users' data, including sensitive health information. Our platform is designed and maintained to comply with applicable regulations and industry standards, including the Health Insurance Portability and Accountability Act (HIPAA), and to provide a secure environment for both providers and patients.

HIPAA Compliance

GuidePT follows HIPAA requirements to ensure that patient data is handled securely and confidentially. We use HIPAA-compliant providers for data storage and processing, and maintain Business Associate Agreements (BAAs) with every vendor that handles Protected Health Information (PHI) on our behalf, including JotForm, Google, Microsoft, and OpenAI.

Key Security Measures

  • Data Encryption: All data is encrypted at rest using AES-256 and encrypted in transit using industry-standard methods, so that PHI is never stored or transmitted in the clear.
  • Access Control: Access to patient data is restricted to authorized users through role-based permissions and multi-factor authentication (MFA), so that each user can see only the data their role requires.
  • De-identified Data: Before patient data is sent to third-party services for processing, it is de-identified to protect patient privacy.
  • Regular Audits: We conduct regular security audits to verify that these controls remain in place and effective.

Data Handling and Storage

  • Intake Form and Data Collection: GuidePT’s intake form, built using JotForm, is stored on JotForm’s HIPAA-compliant servers, which protects the confidentiality and integrity of patient data. Each clinic has its own dedicated, customized form so that each clinic’s data is kept separate from every other clinic’s.
  • Reports Dashboard: Patient reports are stored and accessed via a secure web application. Only authorized healthcare providers within each organization can view and manage these reports.
  • Administrative Dashboard: The GuidePT Administrative Dashboard, used for managing users and settings, does not store Protected Health Information (PHI).

Secure Data Transfer

Data transfers between GuidePT and other platforms, such as electronic health record (EHR) systems, are conducted through secure, HIPAA-compliant APIs or encrypted file transfers to ensure that PHI remains protected.

Technology and Vendor Management

We carefully select and partner with technology vendors that meet strict security standards and comply with HIPAA requirements. Each vendor is vetted before it is adopted, and we maintain a BAA with each vendor that handles PHI.

Incident Response and Monitoring

GuidePT has implemented proactive monitoring to detect and respond to potential security threats. In the event of a data breach, we have an incident response plan in place to contain and remediate the issue quickly, while meeting the applicable breach notification requirements, including those under HIPAA.

Data Backup and Recovery

We back up data regularly and securely to protect against accidental loss or damage. Backups are encrypted and stored in geographically distributed data centers to ensure data redundancy and availability.

User Privacy and Responsibility

GuidePT prioritizes the privacy of all users. We require that healthcare organizations using GuidePT keep their internal policies aligned with HIPAA and manage their users’ permissions accordingly, since access within each organization is governed by the permissions that organization grants. We provide guidance to help organizations configure their access controls to further safeguard PHI.

Contact Us

If you have any questions regarding GuidePT’s security measures or need more information about how we protect your data, please contact our support team at info@guidept.com.