Trust & Compliance

How we protect the families we serve

Legacy Behavioral Collective operates in alignment with HIPAA to safeguard protected health information (PHI) and honor the trust you place in our team.

Our commitments

  • HIPAA-aligned policies with minimum necessary access, audit logs, and role-based permissions for PHI.
  • Encryption in transit (TLS) and at rest for client records, documents, and messaging.
  • Business Associate Agreements (BAAs) made available upon request for covered entities and partners.
  • Documented incident response: rapid triage, containment, and client notification consistent with applicable HIPAA breach rules.

Privacy & consent

We use written consent for sharing PHI, follow least-privilege access, and honor requests for copies or corrections to records as permitted by law.

Data retention

Clinical documentation is retained per California and federal requirements; administrative data is kept only as long as needed for care, billing, or legal obligations.

Security controls

  • Access: Role-based access with MFA for administrative consoles and periodic access reviews.
  • Transport: TLS 1.2+ for all public endpoints and secure file delivery.
  • Storage: Encrypted databases and backups with restricted administrative access.
  • Monitoring: Audit trails for PHI access and alerts for anomalous activity.
  • Vendors: Third parties handling PHI are vetted and sign BAAs or equivalent agreements.

Need something specific?

For security questionnaires, BAAs, or records requests, contact us and we will respond promptly.

Contact compliance team →