Compliance & Privacy Guidelines
Boomer Health is a technology platform that provides clinical workflow infrastructure for telehealth partners. The platform leverages enterprise-grade security protocols to support compliance across state and federal telehealth regulations. We act as a compliant BAA-covered technology vendor for all white-label partners.
HIPAA / HITECH Compliance
All patient Protected Health Information (PHI) is encrypted at rest (AES-256) and in transit (TLS 1.3). Access controls follow strict Role-Based Access Control (RBAC) methodologies. Databases are isolated, monitored, and audited continuously. Boomer Health signs a Business Associate Agreement (BAA) with every entity utilizing the platform's API.
Ryan Haight Act Compliance
Prescriptions involving controlled substances require a localized, synchronous video evaluation prior to issuance, in accordance with the Ryan Haight Online Pharmacy Consumer Protection Act. The platform automatically blocks asynchronous prescription attempts for scheduled drug classes.
EPCS Protocol
Electronic Prescribing for Controlled Substances (EPCS) is enforced via biometric two-factor authentication (Identity Proofing). All providers using the platform undergo robust identity verification via IdenTrust prior to credentialing.
Marketing Compliance
The platform enforces marketing compliance restrictions and clinical data isolation to support partners in meeting telehealth merchant approval requirements.
Compliance Officers
Boomer Health Tech is in the process of formally designating compliance officers responsible for the development and implementation of security and privacy policies per HIPAA §164.308(a)(2). Contact us for current compliance inquiries.
Compliance inquiries: compliance@boomerhealthtech.com
Credential Security & Rotation
All system credentials (API keys, database passwords, signing secrets) are stored exclusively in encrypted environment variables, never in source code. Authentication secrets are subject to a mandatory 90-day rotation policy, and third-party API keys to a 180-day rotation policy. Rotation events are tracked with full audit trails, including timestamp, operator, and affected system.
Platform Liability Disclaimer
Boomer Health is a technology platform — not a healthcare provider, pharmacy, or medical practice. The platform does not prescribe medications, diagnose medical conditions, or render clinical decisions of any kind.
All prescribing, chart reviews, and clinical decisions are made exclusively by independently licensed healthcare providers who operate through the platform under their own medical licenses, malpractice coverage, and DEA registrations. Boomer Health does not employ, supervise, or direct these providers.
The platform provides technology tools for workflow orchestration, chart routing, e-prescribing infrastructure, and pharmacy API integrations. Clinical responsibility rests entirely with the independently licensed provider rendering care.