Our Commitment to Patient Privacy
At Flor Inc., we understand that securing Protected Health Information (PHI) is the foundation of clinical communication. This portal was engineered specifically to replace non-compliant SMS texting, utilizing enterprise-grade encryption and access controls to exceed HIPAA and HITECH standards.
1. Infrastructure & Hosting
Our platform operates on Google Cloud Platform (GCP), an industry leader in enterprise security.
- Dedicated Environments: Tenant data is strictly isolated to prevent cross-facility exposure.
- Business Associate Agreements: Our infrastructure is covered by comprehensive BAAs with our cloud providers.
2. Encryption Standards
Data is never left exposed, whether it is moving or sitting still.
- In Transit: All data transmitted between the user's browser and our servers is encrypted using TLS 1.3 (Transport Layer Security) over HTTPS.
- At Rest: All clinical ledgers, chat logs, and uploaded media (images/PDFs) are encrypted at rest using AES-256 encryption within our database.
3. Access Control & Authentication
We ensure that only authorized facility staff can access the portal.
- Multi-Factor Authentication (MFA): Access requires identity verification.
- No App Downloads Required: As a secure Progressive Web App (PWA), we do not require facilities to bypass or alter their internal Mobile Device Management (MDM) profiles.
- Session Management: To protect unattended workstations or iPads, the portal enforces a strict 15-minute inactivity auto-logout.
4. Minimum Necessary Standard for Alerts
Standard SMS texting is not HIPAA compliant. When Flor Inc. alerts a provider that a message is waiting, the system utilizes the "Minimum Necessary Standard."
- SMS alerts contain only metadata (e.g., "You have a secure triage message").
- Providers must securely log into the encrypted portal to view patient names, vitals, and images.
For detailed legal and privacy inquiries, or to request a copy of our standard BAA, please contact our administrative team.
← Back to Login