HIPAA Compliance

Modified on Tue, 16 Sep at 10:36 AM


At TheraSaaS, protecting your clients’ sensitive health information is our highest priority. We are proud to be third-party certified HIPAA compliant by The Compliancy Group, the healthcare industry’s recognized standard for HIPAA compliance verification.

This certification means you can confidently use TheraSaaS knowing that we have the safeguards, policies, and processes in place to protect Protected Health Information (PHI) in full compliance with HIPAA regulations.


Certified HIPAA Compliance

TheraSaaS has earned The Compliancy Group’s Seal of Compliance, validating our good-faith efforts to meet and maintain HIPAA requirements.



As part of this certification, TheraSaaS completed:

  • Comprehensive self-audits and risk assessments

  • Implementation of security, privacy, and breach response policies

  • Workforce training and attestation

  • Vendor and Business Associate Agreement (BAA) management

We also sign Business Associate Agreements (BAAs) with our users and technology partners, ensuring compliance across all parties handling PHI.



How We Protect Your Data

We use enterprise-grade encryption and security to safeguard PHI at every step:

  • Encryption: All data is encrypted using the AES-256 standard before being written to disk and automatically decrypted only for authorized users.

  • Key Management: Encryption keys are secured by Google’s hardened key management systems, with strict access controls and regular rotation.

  • Multi-Factor Authentication (MFA): Protects accounts from unauthorized access.

  • End-to-End Coverage: Whether on web or mobile, your PHI is secured with the same controls.

What’s Covered Under HIPAA


All data that may contain PHI is protected under our HIPAA program, including:

  • Contacts & Notes

  • Custom Fields

  • SMS/MMS & Voice Recordings

  • Emails & Attachments

  • Form and Survey Submissions

  • Calendars & Appointments

  • Invoices

  • AI Services: Business Associate Agreements (BAAs) are signed with all AI service providers

In short, all objects within your account are covered.



Important to Know

  • HIPAA is always on: Once HIPAA protections are enabled, they cannot be turned off, as PHI cannot be “un-encrypted.”

  • Mobile App Included: Conversations, Calendars, and Contacts in the HighLevel mobile app are fully covered under the same encryption and MFA controls.


Our Commitment

By choosing TheraSaaS, you are working with a partner that has been independently certified for HIPAA compliance and is committed to protecting your clients’ sensitive health information with the highest standards of privacy and security.


✅ HIPAA Certified
✅ BAAs Signed with Clients & Vendors
✅ End-to-End Encryption & MFA
