Compliance, Privacy & Terms
Boomer Health is a technology platform that provides clinical workflow infrastructure for telehealth partners. The platform leverages enterprise-grade security protocols to support compliance across state and federal telehealth regulations. Business Associate Agreements and vendor compliance artifacts are tracked as formal launch requirements before production PHI workflows are enabled.
Privacy Policy
Boomer Health collects the minimum account, contact, clinical intake, prescription, partner operations, provider credential, payment operations, device, usage, and security audit data needed to run the platform. Protected Health Information (PHI) is used for treatment coordination, prescription workflows, healthcare operations, audit logging, platform security, and partner/provider payment operations.
Current production infrastructure runs on Vercel and Neon Postgres. Data is encrypted in transit and at rest, scoped by role and tenant, and retained only as required for healthcare, audit, billing, tax, and legal obligations. Planned AWS storage and email workflows remain launch-gated until the required vendor, BAA, and environment checks are complete.
We do not sell PHI, share patient data with advertisers, use PHI for marketing without written authorization, or use third-party advertising cookies. Essential session and security cookies are used for authentication, CSRF protection, fraud prevention, and platform preferences.
Partner CRM outreach may use email open, click, unsubscribe, bounce, and complaint telemetry to operate consent, suppression, deliverability, and audit controls. Tracking links use opaque tokens and hashed IP/user-agent signals; raw recipient email, raw user-agent text, and patient clinical details are not stored in tracking URLs.
Patients may request access, amendment, an accounting of disclosures, restrictions, confidential communications, or a paper copy of this policy by contacting privacy@boomerhealthtech.com. Privacy complaints may also be filed with the U.S. Department of Health & Human Services Office for Civil Rights.
HIPAA / HITECH Compliance
All patient Protected Health Information (PHI) is encrypted at rest and in transit. Access controls adhere to strict Role-Based Access Control (RBAC) methodologies. Database access is tenant-scoped, monitored through platform observability, and audited for PHI-sensitive workflows. Boomer Health uses Business Associate Agreements (BAAs) as a required control for covered partner and vendor relationships.
Ryan Haight Act Compliance
Prescriptions involving controlled substances require a localized, synchronous video evaluation prior to issuance, in accordance with the Ryan Haight Online Pharmacy Consumer Protection Act. The platform is designed to enforce synchronous evaluation requirements for scheduled drug classes.
EPCS Protocol
Electronic Prescribing for Controlled Substances (EPCS) is planned behind a dedicated controlled-substance feature gate. Controlled-substance prescribing remains unavailable until EPCS, DEA eligibility, identity proofing, and audit controls are live and verified.
Marketing Compliance
The platform enforces marketing compliance restrictions and clinical data isolation to support partners in meeting telehealth merchant approval requirements.
Compliance Officers
Boomer Health Tech is in the process of formally designating compliance officers responsible for the development and implementation of security and privacy policies per HIPAA §164.308(a)(2). Contact us for current compliance inquiries.
Compliance inquiries: compliance@boomerhealthtech.com
Credential Security & Rotation
Full credential values are never committed to source code. Platform signing secrets and connection strings are stored in encrypted environment variables, partner API keys are hashed and shown once on generation, and webhook signing secrets are encrypted at rest for HMAC verification. Admin-only compliance controls track rotation status with 90-day targets for authentication and platform secrets and 180-day targets for selected third-party integration keys; recorded rotation events include timestamp, operator, and affected system.
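The controls described above, sketched as an added example that is not Boomer Health's code: a partner API key stored only as a digest and returned once, a webhook check that recomputes the HMAC over the raw body, and a rotation check against the 90-day and 180-day targets. The function names, the `bh_` key prefix, the choice of SHA-256 and the category labels are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Targets come from the policy text; the category labels are hypothetical.
ROTATION_TARGETS = {"platform_secret": timedelta(days=90),
                    "third_party_key": timedelta(days=180)}

def issue_partner_key():
    """Return (plaintext, digest). Show the plaintext once; persist only the digest."""
    plaintext = "bh_" + secrets.token_urlsafe(32)  # "bh_" prefix is an assumption
    return plaintext, hashlib.sha256(plaintext.encode()).hexdigest()

def verify_partner_key(presented, stored_digest):
    """Hash the presented key and compare with the stored digest in constant time."""
    candidate = hashlib.sha256(presented.encode()).hexdigest()
    return hmac.compare_digest(candidate.encode(), stored_digest.encode())

def verify_webhook(signing_secret, body, signature_hex):
    """Recompute HMAC-SHA256 over the raw request body and compare in constant time.

    The verifier needs the secret itself, which is why a webhook secret is
    encrypted at rest (reversible) rather than hashed like an API key.
    """
    expected = hmac.new(signing_secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), signature_hex.encode())

def rotation_status(kind, last_rotated, now):
    """Return ('ok' or 'overdue', whole days left before the target; negative if late)."""
    remaining = (last_rotated + ROTATION_TARGETS[kind] - now).days
    return ("ok" if remaining >= 0 else "overdue", remaining)

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    key, digest = issue_partner_key()
    print("store:", digest, "| key accepted:", verify_partner_key(key, digest))
    secret, body = b"constructed-secret", b'{"event":"rx.updated"}'
    sig = hmac.new(secret, body, hashlib.sha256).hexdigest()
    print("webhook ok:", verify_webhook(secret, body, sig))
    print("tampered ok:", verify_webhook(secret, body + b" ", sig))
    rotated = datetime(2024, 1, 1, tzinfo=timezone.utc)
    today = datetime(2024, 4, 15, tzinfo=timezone.utc)
    for kind in ROTATION_TARGETS:
        print(kind, rotation_status(kind, rotated, today))
```

A fast hash is adequate for the API key only because the key is a long random value; a human-chosen password would need a slow password-hashing function instead.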
Platform Terms of Service
Boomer Health is a technology platform — not a healthcare provider, pharmacy, or medical practice. The platform does not prescribe medications, diagnose medical conditions, or render clinical decisions of any kind.
By accessing the website, partner portal, provider portal, patient portal, APIs, or related services, users agree to use Boomer Health only for lawful healthcare operations, treatment coordination, prescription workflow routing, and authorized partner-provider-patient communications. Users may not attempt to bypass authentication, access another tenant's data, upload malicious content, reverse engineer security controls, or use the platform for emergency medical care.
Partner and provider use is also governed by applicable partner agreements, provider agreements, Business Associate Agreements, payer/payment terms, and clinic-specific policies. If a signed agreement conflicts with this public page, the signed agreement controls for that relationship.
All prescribing, chart reviews, and clinical decisions are made exclusively by independently licensed healthcare providers who operate through the platform under their own medical licenses, malpractice coverage, and DEA registrations. Boomer Health does not employ, supervise, or direct these providers.
The platform provides technology tools for workflow orchestration, chart routing, e-prescribing infrastructure, and pharmacy API integrations. Clinical responsibility rests entirely with the independently licensed provider rendering care.