Compliance and Security | Buildwick Solutions

4.1 Security Overview

Encryption at rest and in transit for all data
Role-based access control with four tiers: SuperAdmin, Admin, Agent, Read-Only
Multi-factor authentication for administrative accounts
24/7 automated security monitoring and anomaly detection
Regular third-party penetration testing and vulnerability assessments

4.2 HIPAA

BAAs available for all Covered Entity customers
Administrative, physical, and technical safeguards aligned with the HIPAA Security Rule
Breach notification procedures aligned with 45 CFR Part 164
See our dedicated HIPAA Compliance page for full details

4.3 Industry Compliance Alignment

Our security practices are designed in alignment with industry-recognized trust and assurance frameworks addressing security, availability, confidentiality, and processing integrity. We continuously evaluate and seek to enhance our compliance posture. Customers requiring compliance documentation may contact us to discuss our current assessments and controls.

4.4 Claims Compliance

Electronic transactions comply with HIPAA Transaction and Code Set Standards (45 CFR Part 162)
Eligibility, claims, remittance, and claim status transmitted through certified partners

4.5 Payment Security

Cardholder data never stored on Buildwick servers; tokenization model used

4.6 Vendor and Subprocessor Management

We maintain a list of third-party subprocessors that may access Customer Data. Subprocessors are subject to contractual data processing agreements or BAAs, security assessment prior to onboarding, and periodic review of their compliance status.

4.7 Business Continuity

RTO target: 4 hours; RPO target: 1 hour
Uptime target: 99.9% monthly availability
Planned maintenance communicated 72+ hours in advance

4.8 Employee and Organizational Security

Background checks conducted on employees with access to production systems
Security awareness training upon onboarding and annually
Access revoked promptly upon employee departure

4.9 Customer Responsibilities

Manage your own user accounts, access levels, and employee offboarding
Obtain patient consents for SMS and recording under HIPAA, TCPA, and state laws
Execute a BAA before inputting PHI into the Platform
Report suspected security incidents promptly

4.10 Report a Vulnerability

Email: contact@buildwicksolutions.com with subject "Security Vulnerability Report"
Acknowledgment within 2 business days; update within 10 business days

4.11 Compliance Governance and Review

Security and compliance policies reviewed and updated at least annually
Risk assessments conducted annually and following material changes
Designated Privacy Officer and Security Officer oversee compliance
Internal compliance committee meets quarterly

Compliance & Security