Back to Home

Security Policy

Last updated on 15 Sep 2025

At ShiftFill, a product of BVE Labs LLC ("ShiftFill," "we," "us"), security is a core priority. We are committed to protecting the confidentiality, integrity, and availability of our systems, data, and services. This Security Policy outlines the key measures we follow to safeguard both our own infrastructure and the data entrusted to us through our home health scheduling platform.

Table of Contents

  1. Data Protection
  2. Access Control
  3. Application Security
  4. Infrastructure Security
  5. HIPAA Compliance
  6. Incident Response
  7. User Responsibilities

1. Data Protection

  • All sensitive data is transmitted using industry-standard encryption protocols (TLS/SSL).
  • We utilize secure cloud hosting providers with built-in encryption at rest and in transit.
  • Access to sensitive data is restricted on a need-to-know basis.
  • Protected health information (PHI) is handled in compliance with HIPAA regulations.

2. Access Control

  • Multi-factor authentication (MFA) is required for all administrative accounts.
  • Role-based access control (RBAC) ensures users only have access to data necessary for their role.
  • Regular access reviews are conducted to ensure appropriate permissions.

3. Application Security

  • Regular security audits and penetration testing are performed.
  • All code undergoes security review before deployment.
  • We follow secure coding practices and OWASP guidelines.
  • Dependencies are regularly updated to address known vulnerabilities.

4. Infrastructure Security

  • Our infrastructure is hosted on secure, HIPAA-compliant cloud platforms.
  • Network segmentation and firewalls protect against unauthorized access.
  • Regular backups are performed and stored securely.
  • Disaster recovery and business continuity plans are maintained.

5. HIPAA Compliance

  • ShiftFill is designed to be HIPAA-compliant for handling protected health information.
  • We execute Business Associate Agreements (BAAs) with covered entities.
  • Administrative, physical, and technical safeguards are implemented as required by HIPAA.
  • Regular risk assessments are conducted to identify and mitigate security risks.

6. Incident Response

  • Security incidents are logged and investigated promptly.
  • Affected users will be notified of incidents in a timely manner, in compliance with applicable laws including HIPAA breach notification requirements.
  • We maintain an incident response plan to address security events.

7. User Responsibilities

While we take strong measures to secure our systems, users are responsible for safeguarding their account credentials and ensuring their devices are protected. Users must:

  • Use strong, unique passwords and enable multi-factor authentication.
  • Keep their devices and software up to date.
  • Report any suspected security incidents immediately.
  • Comply with HIPAA and other applicable regulations when using ShiftFill.

For security concerns or to report vulnerabilities, please contact us at security@shiftfill.ai.