HIPAA Compliance
Important Notice: ForTheWards is an educational simulation platform that does not collect, store, or process actual Protected Health Information (PHI). All scenarios and patient interactions are fictional and for training purposes only.
Our Commitment to Security
While ForTheWards does not handle real patient data, we implement HIPAA-level security standards to protect your educational records and personal information.
Security Safeguards
Administrative
- Security policies and procedures
- Employee training programs
- Risk assessments
- Incident response plans
Technical
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- Multi-factor authentication
- Regular security updates
Access Controls
- Role-based access control (RBAC)
- Row-level security (RLS)
- Audit logging
- Session management
Physical
- SOC 2 certified data centers
- Redundant backups
- Disaster recovery plans
- Geographic redundancy
Business Associate Agreements
We maintain Business Associate Agreements (BAAs) with all vendors who process data on our behalf:
- Supabase: Database and authentication services
- Vercel: Application hosting and edge functions
- Google Cloud (Gemini): AI feedback generation
All vendors are HIPAA-compliant and sign BAAs confirming their obligations to protect your data.
Data Breach Notification
In the unlikely event of a data breach, we will:
- Notify affected institutions within 24 hours
- Notify affected individuals within 72 hours
- Provide detailed information about the breach and mitigation steps
- Cooperate fully with any regulatory investigations
Compliance Certifications
ForTheWards maintains the following compliance standards:
- FERPA Compliant: Protects student educational records
- WCAG 2.1 AA: Accessibility standards
- SOC 2 Type II: In progress (expected Q2 2026)