This LINK has the 2022 CMS guidelines and this LINK has the marketing & disclaimer language. Please review these fully.

Radiusbob meets the requirements for HIPPA compliance. Simple Shapes, LLC (of which Radius is a part) as a company has completed HIPAA Compliance Training and Radiusbob.com as a Platform has been HIPAA Verified by working with our third party partners, Compliance Group (www.compliancy-group.com). Radius contain requirements within the system that Covered Entities include such as: Unique User Identification, Emergency Access Procedure, Password Requirements (Minimums and Change Requirements), Encryption, Decryption and more.

However, keeping yourself compliant as an agent is critical.

Security is up to all of us, including you.

Security is a shared responsibility at Radius. We control the physical and virtual hosts and can offer a high level of physical and environmental security with both our compute and storage offerings. You're responsible for making sure your Radius Account are securely configured and patched. By following best practices, you can build accounts to meet the exacting standards required by HIPAA, PCI-DSS, GDPR, and your customers.

Every Instance of Radius has extensive physical, environmental, and network capabilities in place:

Access to the data center floor is restricted to data center employees and authorized visitors.
Data Centers are staffed 24/7/365 with security guards and technicians.
All employees and visitors are identified using biometrics and state issued Ids before entering the facility.
HVAC and power have redundant systems, so if one goes out, the others keep our systems powered and within operating temperature.
Multiple Internet carriers using independent fiber connections to the data center floor.

The servers themselves operate within Xen Virtualization, which ensures that each server has its own kernel and user space, which are fully separate from other servers.

Firewall to limit and block unwanted inbound traffic.
SSH key pair authentication connections are authenticated by matching the public key with the private key
Fail2Ban prevents dictionary attacks on servers. When Fail2Ban detects multiple failed login attempts from the same IP address, it creates temporary firewall rules that block traffic from the attacker’s IP address
2048-bit SSL Encryption (https://accountnamehere.radiusbob.com)

Account Level Admin controls to maintain organizational security requirements.

Unique Usernames and Passwords
User Password Requirements – Minimum Password Length, Maximum Password Age (Required Password Changes over X Days)
New Session Date and Time Stamped Per User
Two Factor Authentication Login through SMS (2FA)

Daily, Weekly and Monthly Data off site backups
Encrypted Data in Motion
Encrypted Data at Rest
Server Logs at User Level.

Covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) can maintain compliance using Radius as their Cloud Hosted Solution. While Radius provides the platform and does not generally engage in activities or functions that make it a HIPAA Covered Entity, the compliance responsibilities are handled by your organization. Specifically, a customer that subscribes to use a Radius Account has the exclusive authority and ability to manage all technical safeguards required by HIPAA with respect to its PHI, including access controls, audit controls, integrity, authentication and transmission security.

Radius recommends that you configure your account using the built in Security Measures.

For some guidance on how to harden your systems, start here:

Unique Username And Passwords
Set Required Minimum Password Characters to 8 Minimum
Set Password Update for every 90-120 Days for Users
Require Two Factor Authentication Upon Login for Users
Build Custom Fields using the Encrypted Option
Delete Users as quickly as possible