How we treat your data.

PHI minimization. We do not store customer PHI as part of our service delivery. All patient data stays on the practice's systems. Our role is advisory, training, and incident response.

Access controls. Workforce members access only the practice systems they are explicitly authorized to access, only for the duration of the engagement, with MFA and unique credentials.

Insurance posture. Errors-and-omissions and cyber-liability insurance evidence is available on request before any paid engagement.

Incident reporting. Suspected security issues with this site can be sent to security@medical.hackfirstaid.com. Coordinated disclosure preferred.