Compliance & Privacy Guidelines
Boomer Health is a technology platform that provides clinical workflow infrastructure for telehealth partners. The platform leverages enterprise-grade security protocols to support compliance across state and federal telehealth regulations. We act as a compliant BAA-covered technology vendor for all white-label partners.
HIPAA / HITECH Compliance
All Patient Protected Health Information (PHI) is encrypted at rest (AES-256) and in transit (TLS 1.3). Access controls adhere to strict Role-Based Access Control (RBAC) methodologies. Databases are isolated, monitored, and audited continuously. Boomer Health signs a Business Associate Agreement (BAA) with every entity utilizing the platform's API.
Ryan Haight Act Compliance
Prescriptions involving controlled substances require a localized, synchronous video evaluation prior to issuance, in accordance with the Ryan Haight Online Pharmacy Consumer Protection Act. The platform automatically blocks asynchronous prescription attempts for scheduled drug classes.
EPCS Protocol
Electronic Prescribing for Controlled Substances (EPCS) is enforced via biometric two-factor authentication (Identity Proofing). All providers using the platform undergo robust identity verification via IdenTrust prior to credentialing.
LegitScript Ready
The platform architecture is designed to support partners in achieving LegitScript certification. We enforce rigid marketing compliance restrictions and clinical data isolation, streamlining the path to recognized telehealth merchant approval.
Platform Liability Disclaimer
Boomer Health is a technology platform — not a healthcare provider, pharmacy, or medical practice. The platform does not prescribe medications, diagnose medical conditions, or render clinical decisions of any kind.
All prescribing, chart reviews, and clinical decisions are made exclusively by independently licensed healthcare providers who operate through the platform under their own medical licenses, malpractice coverage, and DEA registrations. Boomer Health does not employ, supervise, or direct these providers.
The platform provides technology tools for workflow orchestration, chart routing, e-prescribing infrastructure, and pharmacy API integrations. Clinical responsibility rests entirely with the independently licensed provider rendering care.