Security & Compliance at TheraPrac

TheraPrac is designed with security, privacy, and compliance as foundational principles. Our platform supports healthcare providers and other regulated customers by protecting sensitive data and aligning with recognized healthcare and security requirements.

This page provides an overview of TheraPrac's approach to security and compliance. Detailed documentation is available upon request.

HIPAA Compliance & Business Associate Agreements

TheraPrac is built for healthcare use cases and supports compliance with the Health Insurance Portability and Accountability Act (HIPAA).

TheraPrac operates as a business associate to healthcare customers that qualify as covered entities under HIPAA. We implement administrative, physical, and technical safeguards designed to safeguard protected health information (PHI) throughout its lifecycle.

As part of our standard onboarding process, TheraPrac executes a Business Associate Agreement (BAA) with covered entity customers.

Our HIPAA-aligned practices include:

  • Administrative, physical, and technical safeguards
  • Role-based access controls and least-privilege enforcement
  • Encryption of data in transit and at rest
  • Audit logging and security monitoring
  • Incident response and breach notification procedures
  • Vendor and subprocessor risk management

Security Architecture & Data Protection

TheraPrac protects sensitive healthcare data using a layered security approach designed to support confidentiality, integrity, and availability.

Core security practices include:

  • Encryption in transit and at rest
  • Logical tenant data isolation
  • Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • Audit logging and monitoring
  • Secure backup and recovery processes

Security controls are reviewed periodically and evolve as the platform and threat landscape change.

Alignment with Industry Security Frameworks

In addition to HIPAA, TheraPrac aligns its security governance and control environment with widely recognized industry frameworks.

SOC 2

TheraPrac's controls and operational practices are designed to align with the SOC 2 Trust Services Criteria, with a focus on Security, Availability, and Confidentiality.

A SOC 2 report has not yet been issued.

ISO/IEC 27001

TheraPrac maintains an Information Security Management System (ISMS) designed to align with the principles and control objectives of ISO/IEC 27001.

TheraPrac is not currently ISO/IEC 27001 certified.

Shared Responsibility Model

Security and compliance are a shared responsibility.

  • TheraPrac is responsible for application security, access controls, data protection, monitoring, incident response, and vendor governance.
  • Cloud service providers are responsible for physical data center security and underlying infrastructure protections.
  • Customers are responsible for appropriate user access configuration, internal policies, and compliance with their organizational obligations.

Additional Compliance Documentation

Detailed security and compliance documentation, including our Security, Privacy & Compliance White Paper, is available upon request.

For security inquiries, compliance questions, or documentation requests, please contact:

compliance@theraprac.com