HIPAA Information

The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards for protecting sensitive patient health information. When mental health providers use digital tools, those tools must meet HIPAA requirements.

• End-to-end encryption for data in transit
• AES-256 encryption for data at rest
• Unique user identification and authentication
• Automatic logoff after inactivity
• Audit controls and activity logging

• Designated security officer
• Workforce training on security procedures
• Incident response procedures
• Regular risk assessments
• Business associate agreements with all vendors

• Secure, SOC 2 compliant data centers
• Access controls for facilities
• Workstation security policies

Theryo provides Business Associate Agreements (BAAs) to covered entities (healthcare providers) who use our platform. A BAA establishes the permitted uses and disclosures of protected health information (PHI) and requires Theryo to implement appropriate safeguards.

To request a BAA, please contact: compliance@theryo.ai

Under HIPAA, you have the right to:

• Access your health information
• Request corrections to your records
• Receive an accounting of disclosures
• Request restrictions on uses of your information
• File a complaint if you believe your rights have been violated

In the unlikely event of a data breach affecting your protected health information, Theryo will notify affected individuals and relevant authorities in accordance with HIPAA breach notification requirements.

If you have questions about our HIPAA practices or want to report a concern, please contact our compliance team at: compliance@theryo.ai