Skip to main content
Salix Compass LogoSalix Compass™

HIPAA Compliance FQHC Trust & Safety at Salix Compass

How we protect patient data through HIPAA compliance for FQHC partners, secure technology design, and Washington State regulatory safeguards.

HIPAA Compliance FQHC Status: Where We Are Today

Our Current Operations

First, Salix Compass operates as a Washington-based nonprofit project. We receive fiscal sponsorship from Evergreen Social Impact, which allows us to focus on our core mission. Specifically, we help reduce administrative burden for Federally Qualified Health Centers (FQHCs) and safety-net providers. Additionally, we work to improve medication access for patients who face financial and paperwork barriers.

What Data We Currently Handle

Important:

Currently, we do not provide direct patient services. As a result, we do not collect or process Protected Health Information (PHI) or Consumer Health Data through our public website or technology platforms. Furthermore, our development environment uses only synthetic (non-real) data for testing purposes.

Our Data Protection Principles

First and foremost, we design our systems around patient privacy. Therefore, we follow these four core principles:

  1. Minimize data: We collect only the information we need to respond to inquiries or plan future services.
  2. Never sell data: We do not sell personal information or Consumer Health Data.
  3. Mission-driven nonprofit: As a fiscally sponsored nonprofit project, we use data exclusively to support our mission.
  4. Security by design: We build our technology platforms with strong security foundations.

Technical Safeguards for HIPAA Compliance FQHC Partners

Our Cloud Infrastructure

First, we build our technology platforms on HIPAA-eligible cloud infrastructure from industry-leading providers with secure hosting.

Current Security Measures

  • Environment separation: We maintain completely separate development and production environments.
  • Strict access control: We limit access to authorized team members only and require multi-factor authentication.
  • Encryption in transit: We protect all traffic with industry-standard HTTPS (TLS encryption).
  • Activity monitoring: Comprehensive logging and monitoring capabilities.

Future Enhancements

We will implement enterprise-grade permission systems and data isolation safeguards before handling real patient information.

HIPAA Compliance FQHC Roadmap & Washington MHMDA

Our Regulatory Compliance Plan

We commit to full compliance with federal HIPAA requirements and Washington State My Health My Data Act (MHMDA).

  • Key Compliance Milestones: Establishing Business Associate Agreements (BAAs), maintaining a dedicated Consumer Health Data Privacy Policy, and mandatory workforce training.
  • Timeline: Until we complete these safeguards, our technology platforms will remain in pre-production status and will not process any live patient records.

Our Commitment to Patients and FQHC Clinics

Building Trust Through Action: We design technology to support audit-ready documentation and work transparently with partners about data flows.

LEGAL DISCLAIMER

Salix Compass is a nonprofit patient advocacy project. We are not affiliated with, endorsed by, or sponsored by Salix Pharmaceuticals, Ltd. or its affiliates.