Security & HIPAA

Designed not to harm.

HIPAA is the floor. Pace was built so you and your patients can show up to a daily check-in without ever wondering where the data goes — encryption end-to-end, BAA on every contract, audit trail on every read.

HIPAA Compliance

The infrastructure layer.

🔒

Encryption at rest and in transit

TLS 1.3 for all client-server traffic. AES-256 server-side encryption on all Pace storage. Database connections require SSL.

👤

Role-based access control

Clinicians see only their own patients. Patients see only their own data. Audit trail records every access with timestamp, actor, target, and IP.

📝

Append-only audit log

Every PHI read or write writes a row. Six-year retention per HIPAA. Records survive even soft-deletes.

30-minute session timeout

JWT auth tokens expire after 8 hours of validity, with active session timeout enforced at the dashboard level.

📜

BAA included

Every Pace contract includes a Business Associate Agreement with NeuroMotive, LLC. All upstream subprocessors (hosting, storage, AI inference, SMS, email) sit under BAAs of their own. Sign at signup; the full text lives at /baa if you want to read it.

🚨

Breach notification ready

Audit log + retention + monitoring stack mean we can produce a HIPAA-compliant breach notification within the 60-day window if it’s ever required.

💬

HIPAA-compliant SMS reminders

Daily check-in nudges go out over Twilio HIPAA Security Edition with a signed BAA. Message bodies never include PHI — just a magic link. Patients opt in explicitly and can reply STOP any time.

Clinical Safety

When your patient is in crisis,
Pace doesn't wait for the next visit.

An opt-in safety layer that makes between-visit monitoring responsible — in-session C-SSRS screening, universal 988 resources for every patient, and results logged for your review. Pace is not an emergency service.

The most important moment in any remote-monitoring product is the one when a patient quietly signals they’re struggling. When you turn on suicide-risk screening and a patient endorses PHQ-9 Q9 — “Thoughts that you would be better off dead, or of hurting yourself in some way” — at any level above zero, the app routes them, in the same session, to the Columbia Suicide Severity Rating Scale (C-SSRS) Screener. Not on the next 16-day review. Not on tomorrow’s schedule. In the same session, the moment they tap submit.

If the C-SSRS shows active ideation with a plan or intent, or any past-month suicidal behavior, the patient is held on a persistent crisis screen with one-tap routing to 988, the Crisis Text Line (text HOME to 741741), and a search for the nearest emergency room. The screen cannot be dismissed with a back gesture — it stays in front of the person who needs it most, until they choose where to go. And those crisis resources are available to every patient, from any screen, at any time — never gated on a score.

The C-SSRS result is logged to your review queue and flagged by severity at the top of your dashboard, for you to review on your normal cadence. Pace does not page you in real time and is not an emergency service — patients are always pointed to 988 and 911 for emergencies. You acknowledge each result with a resolution note, and that note becomes part of the audit trail you can hand to a regulator, a malpractice carrier, or a Joint Commission surveyor.

This follows the pattern recommended by Joint Commission NPSG 15.01.01, the AIMS Center Collaborative Care protocols, Zero Suicide, and Mayo Clinic’s validation of the C-SSRS as the standard cascade from a positive PHQ-9 Q9. You decide whether to turn it on for your practice. When you do, your patients get a standardized in-session screen and universal crisis resources, and you get the documentation — reviewed on your cadence — that proves it happened.

Privacy by Design

Your patient’s data stays between you and them.

No advertising or marketing trackers on patient flows.

Zero advertising or analytics pixels on any page that touches PHQ-9, GAD-7, C-SSRS, mood data, or patient identifiers. Product analytics is HIPAA-eligible and runs server-side only for any flow involving patient information.

AI is bounded and never clinical.

Pace uses AI for two narrow purposes: a brief acknowledgment after a check-in, and a Sunday weekly reflection. System prompts explicitly forbid clinical interpretation, advice, medication mentions, and score references. AI never appears in the safety-of-life path.

No prescribing workflow.

Pace is a remote-monitoring product. Prescribing stays in your normal practice management system. We don’t touch medication workflows at all.

Patient data is never sold or licensed.

Our privacy policy commits in writing to never selling, licensing, or transferring patient data for commercial purposes. The only outbound flows are to you (their clinician), to our HIPAA-eligible AI provider for the warm-acknowledgment text only (PHI minimized — first name and about-me context, never scores), and to your billing team via the audit PDF you download.

Explicit consent before any data collection.

Patients sign a plain-language RTM consent document before their first check-in. Re-prompted on material changes. The version they signed is part of the audit trail.

Questions about a specific compliance requirement?

Your compliance officer, malpractice carrier, or biller can email us directly. We answer.

Contact us →