Resiliency Technologies, Inc. is committed to protecting the privacy and security of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. The Sharpen® DTX platform is designed and operated in full compliance with applicable HIPAA requirements, including the Privacy Rule, Security Rule, and Breach Notification Rule.
Compliance Posture
- Sharpen® DTX operates under a fully executed Business Associate Agreement (BAA) framework for all covered entity partners
- Our infrastructure is built and managed on AWS, leveraging AWS Audit Manager with HIPAA-specific pre-built frameworks and conformance packs
- AWS Config continuously monitors approximately 40 resource types against HIPAA compliance rules across all production environments
- Our EHR integration with Epic via SMART on FHIR adheres to applicable interoperability and privacy standards
- SOC 2 Type II examination is in progress, with the attestation report targeted for Q3 2026, via an AWS-funded engagement (SOC 2 is an auditor's attestation report, not a certification)
Administrative Safeguards
- Formal HIPAA workforce training program in place for all personnel with access to PHI
- Documented security policies and procedures reviewed on a regular cadence
- Risk analysis and risk management processes aligned with HIPAA Security Rule §164.308
- Incident response and breach notification procedures in place per §164.400–414
- Business Associate Agreements executed with all vendors handling PHI
Technical Safeguards
The following technical controls are implemented and continuously monitored across our production AWS environment:
Audit Controls — §164.312(b)
- AWS CloudTrail enabled across all regions, with log files encrypted under an AWS KMS key and log file integrity validation enabled
- VPC Flow Logs enabled across all production VPCs for network-level audit logging
- AWS Config continuous recording for all security-critical resource types including IAM, Security Groups, KMS keys, and CloudTrail
- Amazon GuardDuty and AWS Security Hub enabled for continuous threat detection and security finding aggregation
Encryption — §164.312(a)(2)(iv) & §164.312(e)(2)(ii)
- All data encrypted at rest: S3 server-side encryption, RDS storage encryption and EBS volume encryption, with AWS Config rules continuously checking for any unencrypted resource
- All data encrypted in transit: TLS required for all S3 access and all API communication
- Customer-managed AWS KMS keys with automatic key rotation enabled
Access Controls — §164.312(a)
- Multi-factor authentication (MFA) enforced for all IAM console access
- Least-privilege IAM role and policy architecture; unused credentials automatically flagged
- RDS instances not publicly accessible; S3 Block Public Access enabled so that no bucket permits public read or write
- VPC security groups restrict SSH and other commonly targeted administrative ports to authorized source address ranges only
- Default VPC security groups closed; no open inbound access permitted
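The Audit Controls, Encryption and Access Controls bullets above are the kind of statement that an AWS Config rule turns into a pass/fail evaluation. The following Python is an added example, not the platform's own tooling: it checks CloudTrail, KMS and S3 settings against those three bullets using dictionaries shaped like the corresponding boto3 responses (cloudtrail.describe_trails / get_trail_status, kms.describe_key / get_key_rotation_status, s3.get_public_access_block), so it runs offline over constructed sample data. The trail names, key ids and bucket names are made up for illustration.

```python
"""Posture check for the CloudTrail, KMS and S3 controls stated above.

Each check takes dictionaries shaped like the boto3 responses of
cloudtrail.describe_trails / get_trail_status, kms.describe_key /
get_key_rotation_status and s3.get_public_access_block, so it runs
offline against the constructed sample data in run_sample() and can be
fed live responses in production. Added example; not the platform's code.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    resource: str   # trail name, KMS key id, bucket name, or "account"
    control: str    # the stated control that is not met
    detail: str


def check_trails(trails, status_by_name):
    """Audit Controls: every trail must validate and KMS-encrypt its logs,
    and at least one multi-region trail must currently be logging."""
    findings = []
    for t in trails:
        name = t["Name"]
        if not status_by_name.get(name, {}).get("IsLogging", False):
            findings.append(Finding(name, "CloudTrail logging", "IsLogging is false"))
        if not t.get("LogFileValidationEnabled", False):
            findings.append(Finding(name, "CloudTrail log file validation", "disabled"))
        if not t.get("KmsKeyId"):
            findings.append(Finding(name, "CloudTrail encryption", "no KmsKeyId (SSE-KMS not in use)"))
    if not any(t.get("IsMultiRegionTrail") and
               status_by_name.get(t["Name"], {}).get("IsLogging") for t in trails):
        findings.append(Finding("account", "CloudTrail all regions",
                                "no multi-region trail is currently logging"))
    return findings


def check_kms_keys(keys, rotation_by_id):
    """Encryption: customer-managed keys must have automatic rotation on.
    AWS-managed keys are rotated by AWS, and KMS does not offer automatic
    rotation for asymmetric keys or imported (EXTERNAL) key material, so
    those are skipped rather than falsely flagged."""
    findings = []
    for k in keys:
        m = k["KeyMetadata"]
        if m.get("KeyManager") != "CUSTOMER" or m.get("KeyState") != "Enabled":
            continue
        if m.get("KeySpec", "SYMMETRIC_DEFAULT") != "SYMMETRIC_DEFAULT" or m.get("Origin", "AWS_KMS") != "AWS_KMS":
            continue
        if not rotation_by_id.get(m["KeyId"], {}).get("KeyRotationEnabled", False):
            findings.append(Finding(m["KeyId"], "KMS key rotation", "automatic rotation disabled"))
    return findings


PAB_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")


def check_buckets(pab_by_bucket):
    """Access Controls: all four Block Public Access settings must be true.
    A value of None stands for the NoSuchPublicAccessBlockConfiguration
    error, i.e. the bucket has no block configured at all."""
    findings = []
    for bucket, resp in pab_by_bucket.items():
        cfg = (resp or {}).get("PublicAccessBlockConfiguration", {})
        missing = [s for s in PAB_SETTINGS if not cfg.get(s, False)]
        if missing:
            findings.append(Finding(bucket, "S3 public access blocked", "not set: " + ", ".join(missing)))
    return findings


def run_sample():
    """Run all checks over constructed sample responses (not real resources)."""
    trails = [
        {"Name": "org-trail", "IsMultiRegionTrail": True, "LogFileValidationEnabled": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/aaaa-1111"},
        {"Name": "legacy-trail", "IsMultiRegionTrail": False, "LogFileValidationEnabled": False},
    ]
    trail_status = {"org-trail": {"IsLogging": True}, "legacy-trail": {"IsLogging": False}}
    keys = [
        {"KeyMetadata": {"KeyId": "aaaa-1111", "KeyManager": "CUSTOMER", "KeyState": "Enabled"}},
        {"KeyMetadata": {"KeyId": "bbbb-2222", "KeyManager": "CUSTOMER", "KeyState": "Enabled"}},
        {"KeyMetadata": {"KeyId": "cccc-3333", "KeyManager": "AWS", "KeyState": "Enabled"}},
        {"KeyMetadata": {"KeyId": "dddd-4444", "KeyManager": "CUSTOMER", "KeyState": "Enabled",
                         "Origin": "EXTERNAL"}},
    ]
    rotation = {"aaaa-1111": {"KeyRotationEnabled": True}, "bbbb-2222": {"KeyRotationEnabled": False}}
    buckets = {
        "phi-exports": {"PublicAccessBlockConfiguration": dict.fromkeys(PAB_SETTINGS, True)},
        "phi-uploads": {"PublicAccessBlockConfiguration": {**dict.fromkeys(PAB_SETTINGS, True),
                                                           "RestrictPublicBuckets": False}},
        "scratch": None,
    }
    return check_trails(trails, trail_status) + check_kms_keys(keys, rotation) + check_buckets(buckets)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.resource:<14} {f.control:<32} {f.detail}")
```

In production the three input dictionaries come straight from the boto3 calls named in the docstring; the checks deliberately skip keys for which KMS cannot rotate (AWS-managed, asymmetric, imported material) so that a real audit does not drown the one genuine rotation gap in false positives, and they treat a bucket with no Block Public Access configuration at all as failing every setting rather than as absent data.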
Physical Safeguards
- All infrastructure is hosted in AWS data centers, which are covered by AWS's SOC 1/2/3 reports, ISO 27001 certification and FedRAMP authorizations, and which AWS makes available for HIPAA workloads under its own BAA (HIPAA itself has no certification scheme)
- No PHI is stored or processed on physical hardware owned or managed by Resiliency Technologies
- AWS shared responsibility model governs physical access controls for all underlying data center infrastructure
Business Associate Agreements
If your organization is a HIPAA covered entity or business associate and requires a Business Associate Agreement prior to deployment of Sharpen® DTX, please contact our team. We execute BAAs as a standard part of our health system onboarding process and maintain BAAs with all vendors and subprocessors who may access PHI on our behalf, including Amazon Web Services.
Questions & Compliance Inquiries
For questions about our HIPAA compliance program, to request a BAA, or for any privacy-related inquiries, please contact us directly:
A full HIPAA Notice of Privacy Practices will be published here upon completion of our SOC 2 Type II examination. For more detail on our privacy practices in the interim, please review our Privacy Policy.