HIPAA-Ready Infrastructure
BAA-covered telephony, AES-256 encryption at rest, TLS 1.3 in transit, role-based access control, and append-only audit logging — all out of the box.
21 CFR Part 11 Readiness
Append-only audit logs with timestamped actions, electronic record controls, and full traceability designed to support FDA-regulated environments.
Consent Management
Per-channel opt-in tracking with TCPA and CAN-SPAM compliance. Every consent event produces an audited record.
Audit Logging
Every API call is logged. PHI access events are stored in a separate, append-only audit log with caller identity and timestamp.
Encryption
AES-256 at rest for all stored data and TLS 1.3 for every connection in transit.
Multi-Tenant Isolation
Every database query is scoped by tenant ID. Isolation is enforced at the ORM layer and validated by an automated test suite.
De-Identification
Configurable export profiles that strip names, hash phone numbers, and remove free-text identifiers before data leaves the platform.
Role-Based Access
Four permission tiers — Owner, Admin, Coordinator, Viewer — with every action logged against the acting user.
SOC 2 Type II (In Progress)
Continuous infrastructure monitoring, automated vulnerability scanning, and a documented incident-response playbook. Certification in progress.
How your data moves — and where it’s protected
Compliance is a shared responsibility. TrialScreen provides technical controls to support regulatory requirements. Each organization is responsible for its own compliance determination, including execution of required Business Associate Agreements.