BAA & HIPAA Compliance
HIPAA Compliance
AlignSure implements safeguards required by the HIPAA Security Rule:
Administrative Safeguards
- Workforce HIPAA training
- Regular risk assessments
- Documented policies and procedures for PHI handling
- Designated security and privacy officers
Technical Safeguards
- Access controls tied to Microsoft Entra ID
- Audit controls with immutable logging
- Transmission security (TLS 1.2+)
- Integrity controls (document hashing and version tracking)
Physical Safeguards
- Infrastructure hosted in SOC 2-certified data centers
- Physical access restricted to authorized operations personnel
Business Associate Agreement
AlignSure executes BAAs with all customers who require them. The BAA covers:
- All services provided through the AlignSure platform
- Responsibilities of both parties regarding PHI
- Breach notification obligations and timelines
- Data return and destruction upon termination
- Subprocessor management and downstream BA obligations
To request a BAA, contact your Customer Success Manager or visit alignsure.com/baa.
Subprocessors
AlignSure maintains BAAs with all subprocessors who may access PHI. A current list of subprocessors is available upon request.
SOC 2 Roadmap
AlignSure is pursuing SOC 2 Type II certification. Controls are designed in alignment with the Trust Services Criteria for security, availability, and confidentiality.