Security & Compliance

Data Protection, Privacy, and Regulatory Compliance Program

Acuity Clinical Group maintains a focused, practical security and compliance posture appropriate for a small healthcare vendor. Our safeguards protect sensitive information, support operational reliability, and meet the expectations of our clinical and administrative partners.


Access Controls & Authentication

We use modern access‑control practices to protect systems and data:

  • Multi‑Factor Authentication (MFA) is required for all accounts.

  • Role‑based access ensures users only access what they need.

  • Administrative access is limited and monitored.

These controls reduce unauthorized access risk and align with current healthcare security expectations.


Data Encryption

Acuity protects sensitive information through industry‑standard encryption:

  • All data is encrypted in transit using TLS 1.2+.

  • All data is encrypted at rest using AES‑256.

This ensures confidentiality whether information is being transmitted or stored.


Email Security

We use modern email authentication to prevent spoofing and impersonation:

  • SPF, DKIM, and DMARC are implemented on our domain.

  • External email warnings help identify potential phishing attempts.

These measures significantly reduce email‑based security risks.


HIPAA Alignment

Acuity Clinical Group maintains HIPAA‑aligned administrative, technical, and physical safeguards. All staff complete annual HIPAA training, and we follow secure handling practices for PHI and ePHI.

We do not collect or store PHI through our public website.


Vendor & Partner Requirements

We maintain Business Associate Agreements (BAAs) with all vendors who may interact with PHI. We work only with partners who meet modern security and compliance standards.


Risk Assessment

Acuity conducts an annual risk assessment to evaluate safeguards, identify potential risks, and guide improvements in our security posture.


Incident Response

We maintain a concise incident‑response procedure outlining communication steps, containment actions, and recovery expectations. This ensures we can respond quickly and effectively if an issue arises.


Commitment to Security

Acuity Clinical Group is committed to maintaining a practical, reliable, and modern security posture that protects our partners and supports the operational needs of clinical environments.