Txt A Doc – HIPAA Security Compliance

Client Overview

Txt A Doc is a U.S.-based e-channeling and medical-documentation platform currently live in New Jersey. It enables patients to securely schedule telehealth appointments, upload and store medical forms, and communicate with providers via web and mobile.

Security Challenges

• Data Privacy & Compliance: Full HIPAA alignment for PHI.
• Secure Data Transmission: Protect against interception.
• Robust Authentication & Authorization: MFA plus adaptive risk.
• Infrastructure Hardening: Continuous drift detection & remediation.
• Supply-Chain Risk: Dependency scanning & signed CI/CD artifacts.

Solution Overview

RTCS delivered a layered, HIPAA-aligned security architecture combining policy, process, and technology:

• Custom HIPAA control matrix mapping to technical safeguards.
• AES-256 at rest (AWS KMS) & TLS 1.3 in transit.
• Zero-Trust RBAC + OAuth 2.0 time-limited tokens.
• AWS Cognito with SMS/app MFA and adaptive challenges.
• SIEM (Splunk Cloud), Terraform + Driftctl, Snyk, Qualys, Checkmarx, OWASP ZAP.

Implementation Details

• Policy & Process: AUP, Access Control Policy, Incident Response Plan, tabletop exercises.
• Technical Controls: VPC segmentation, envelope encryption, Lambda-driven Cognito triggers, real-time SIEM dashboards.
• Testing & Validation: NIST 800-115 pentest, red-team exercise, drift misconfiguration tests.
• Training & Handover: Two-day workshop, living playbook, runbooks for common incidents.

Results & Benefits

Technologies & Tools

• Identity & Access: AWS Cognito, OAuth 2.0
• Encryption: AWS KMS, TLS 1.3
• IaC & Drift Detection: Terraform, Driftctl
• Dependency Scanning: Dependabot, Snyk
• Static Analysis: Checkmarx
• Dynamic Scanning: OWASP ZAP
• SIEM: Splunk Cloud
• Pen Testing: Custom red-team scripts