Built for Healthcare.
Secured for PHI.
ATLAS HLTH is designed from the ground up to meet the security and compliance requirements of behavioral health organizations handling protected health information.
Compliance & Certifications
HIPAA-Aligned
Built to HIPAA Security Rule standards
SOC 2 Type II
Audit in progress — expected End of Q2 2026
HL7 FHIR R4
Interoperability-ready
256-bit Encryption
AES-256 at rest, TLS 1.3 in transit
42 CFR Part 2
SUD record protections enforced
BAA Available
Business Associate Agreement provided to all covered entities
Security Architecture
Six layers of protection designed specifically for behavioral health data.
Encryption
- 256-bit TLS 1.3 encryption for all data in transit
- AES-256 encryption at rest for all stored PHI
- End-to-end encrypted messaging between care team members
- Encrypted database backups with key rotation
Access Control
- Role-based access control (RBAC) with least-privilege enforcement
- Multi-factor authentication (MFA) for all staff accounts
- Session timeout and automatic logout after inactivity
- IP allowlisting available for enterprise deployments
Audit & Monitoring
- Immutable audit log for every PHI access, modification, and disclosure
- Real-time anomaly detection and alerting
- 6-year audit log retention per HIPAA requirements
- Automated breach detection and notification workflows
Infrastructure
- Hosted on SOC 2 Type II certified cloud infrastructure
- 99.9% uptime SLA with multi-region redundancy
- Automated daily backups with point-in-time recovery
- Network segmentation and firewall protection
Compliance
- Built to HIPAA Security Rule and Privacy Rule standards
- 42 CFR Part 2 compliant for substance use disorder records
- HL7 FHIR R4 ready for interoperability
- SOC 2 Type II audit in progress
Incident Response
- Documented incident response plan per HIPAA Breach Notification Rule
- 72-hour breach notification to covered entities
- Annual penetration testing by independent third party
- Vulnerability disclosure program
Business Associate Agreement
ATLAS HLTH executes a Business Associate Agreement (BAA) with every covered entity and business associate that uses the platform. Our BAA covers all HIPAA-required provisions including breach notification, subcontractor obligations, and PHI safeguards.
Security Questions?
Our security team is available to answer questions from compliance officers, IT teams, and procurement reviewers.
DAPP Inc. d/b/a ATLAS HLTH
850 University Drive, Oxford, MS 38655
Security inquiries: [email protected]
Privacy Officer: [email protected]
HHS Complaint: hhs.gov/hipaa/filing-a-complaint