Compliance & Security
Every resident's data is sensitive. Every facility's reputation depends on how that data is handled. We treat both with the seriousness they deserve.
Compliance is architecture, not an add-on
TRC was designed with regulatory compliance embedded into its foundation, not applied as a layer after the fact. HIPAA requirements, CMS documentation standards, and data security controls are built into every component of the platform.
This means your facility inherits a compliance posture from day one. When auditors ask for documentation, it's there. When surveys question monitoring records, they're airtight. When patients or families ask how their data is protected, you have a clear answer.
Independently verified, continuously maintained
HIPAA Compliant
Full administrative, physical, and technical safeguards in place. BAAs executed with all downstream data processors. Breach response protocols tested and documented.
CMS Aligned
All RPM and CCM documentation follows CMS billing and quality reporting standards. Every minute logged, every threshold crossed, every alert sent, timestamped and formatted for reimbursement.
FDA Registered
TRC's monitoring devices are registered with the FDA as general wellness and clinical monitoring devices, with clinically validated accuracy for the vital signs they measure.
SOC 2 Type II
Independently audited security controls covering availability, confidentiality, and processing integrity. Annual audits, with continuous monitoring between cycles.
HL7 / FHIR Compliant
All data exchange follows healthcare interoperability standards, ensuring clinical data moves cleanly between TRC and your EHR without transformation errors or data loss.
Role-Based Access Control
Granular permission levels ensure that each staff member sees exactly what they need, and nothing they don't. Every access event is logged with timestamp and user identity.
Your data stays yours
TRC does not sell, license, or aggregate resident health data for any secondary purpose. Your facility's data is yours, used exclusively to deliver the monitoring and care coordination services you've contracted for.
Sensors capture physiological signals, not identifiable information. All identity linkage and enrichment happens within your encrypted instance, under your facility's BAA, with access limited to credentialed personnel.
We maintain a full data processing record at all times, exportable on request for legal, regulatory, or internal audit purposes.
Need our compliance documentation?
We can provide BAAs, security summaries, and audit reports upon request. Reach out to our compliance team directly.
Request Documentation