HIPAA Compliance Statement

Our Commitment to Healthcare Privacy

Oregon Counselors Directory operates as a directory service and voluntarily adheres to rigorous HIPAA-compliant standards to protect the integrity of the platform and secure any transmission of Protected Health Information (PHI).

Technical Safeguards

• Encryption in Transit: TLS 1.3 protected communications
• Encryption at Rest: AES-256 standard encryption
• Access Controls: Role-based access with Bcrypt password hashing
• Audit Logging: Granular threat-identifying tracking

Business Associate Agreements

The directory operates on modern cloud infrastructure utilizing vendors who support HIPAA-compliant environments. Where applicable, we establish Business Associate Agreements (BAAs) with third-party vendors to ensure a continuous chain of security and compliance.

Administrative Safeguards

Access to backend systems is strictly monitored and limited to authorized personnel using multi-factor authentication. Server environments are hosted within ISO 27001-certified and SOC 2 Type II compliant data centers.

Secure Lead Generation

When patients contact verified Growth or Pro tier providers through our platform:

• The directory acts as an intermediary; PHI is not permanently stored
• Providers must ensure their own compliant reception systems

Provider Responsibility

It is the explicit responsibility of individual practitioners and clinics utilizing Oregon Counselors Directory to maintain their own HIPAA compliance regarding the reception, storage, and processing of patient data acquired through this platform.

Reporting & Contact

If you believe there has been a breach of unsecured protected health information or have questions regarding our security protocols, please contact support@orcounselors.com.