Encryption
All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
Secure Infrastructure
Hosted on AWS with SOC 2 Type II compliance
Access Controls
Role-based access, MFA support, and session management
Audit Logging
Comprehensive audit trails for all data access and changes
Our Commitment to HIPAA Compliance
Advanced LTC Solutions, LLC is committed to maintaining the highest standards of security and compliance. As a service provider to healthcare organizations, we understand our responsibilities under the Health Insurance Portability and Accountability Act (HIPAA) and take them seriously.
Business Associate Agreement (BAA)
For covered entities and their business associates, we offer a comprehensive Business Associate Agreement (BAA) that outlines our mutual obligations for protecting Protected Health Information (PHI).
Request a BAA
To request a Business Associate Agreement, please contact our compliance team:
compliance@advancedltcsolutions.com
Data We Process
Survey Readiness Monitor primarily processes publicly available data from CMS, including:
- Facility names and addresses
- CMS Certification Numbers
- Survey results and deficiency citations (public record)
- Quality measures and star ratings
Important Note on PHI
Our platform is designed to work with facility-level compliance data, not individual patient records. We do not require or request Protected Health Information (PHI) to provide our core services. If your organization chooses to input any data that may contain PHI, you must execute a BAA with us first.
Administrative Safeguards
- Security Officer: Designated security officer responsible for HIPAA compliance
- Workforce Training: All employees complete HIPAA training upon hire and annually
- Risk Assessments: Regular security risk assessments and remediation
- Incident Response: Documented breach notification procedures
- Policies & Procedures: Comprehensive security policies reviewed annually
Technical Safeguards
- Access Controls: Unique user identification, automatic logoff, role-based permissions
- Audit Controls: Complete audit trails of system access and data changes
- Integrity Controls: Mechanisms to authenticate and verify data integrity
- Transmission Security: TLS 1.2+ encryption for all data in transit
- Encryption: AES-256 encryption for data at rest
Physical Safeguards
- Secure Data Centers: AWS data centers with SOC 2 Type II certification
- Facility Access: 24/7 security, biometric controls, and video surveillance at AWS facilities
- Workstation Security: Encrypted devices, secure access protocols for employees
Infrastructure & Subprocessors
We carefully select vendors who meet our security and compliance standards:
| Vendor | Purpose | Compliance |
|---|---|---|
| Amazon Web Services (AWS) | Cloud Infrastructure | HIPAA BAA, SOC 2, ISO 27001 |
| Stripe | Payment Processing | PCI DSS Level 1 |
| Vercel | Marketing Site Hosting | SOC 2 Type II |
Breach Notification
In the unlikely event of a security incident involving your data, we will:
- Notify affected customers within 24 hours of discovery
- Provide detailed information about the nature of the breach
- Describe steps taken to mitigate the incident
- Cooperate fully with any required regulatory notifications
Continuous Improvement
Security and compliance are ongoing commitments. We continuously:
- Monitor for new security threats and vulnerabilities
- Update our practices to meet evolving regulatory requirements
- Conduct regular penetration testing and security audits
- Train our team on the latest security best practices
Contact Our Compliance Team
For questions about our security practices, to request a BAA, or to report a security concern:
Security & Compliance Team
Email: compliance@advancedltcsolutions.com
General Inquiries
Email: ceo@advancedltcsolutions.com