One map for clinic diligence on Fizy Health
Fizy Health compliance for covered clinics spans HIPAA-aligned platform controls, a Business Associate Agreement before production PHI, tenant isolation and audit trails on patient-linked orders, fulfillment through LegitScript-certified 503A partners, and public legal pages. The Security page is the canonical technical document; Privacy Policy and Terms of Service govern data use and platform obligations. This overview links those pieces so compliance, legal, and ops leads start in the right place.
Instead of hunting scattered answers, use this page as the index for HIPAA, BAA, partners, audit, security, privacy, and terms — then drill into each dedicated guide.
The Fizy Health compliance pieces and where they live
Clinic diligence on pharmacy ops vendors usually spans legal agreements, technical safeguards, partner verification, and operational policies. Fizy Health publishes each layer on a dedicated page so your team can assign HIPAA review, legal review, and ops review without conflating software with dispensing.
- HIPAA
Platform alignment and shared responsibility
Fizy Health is built HIPAA-aligned for covered entities: minimum-necessary access, audit controls, encryption, and PHI-safe logging. Your clinic remains the covered entity; Fizy Health processes PHI as a business associate under a signed BAA. Detail: HIPAA guide and Security page.
- BAA
Contract before production patient data
Every organization executes a Business Associate Agreement during onboarding before live PHI is stored. Multi-location groups sign at org level with clinic-scoped staff access. Detail: BAA guide.
- Partners
LegitScript-certified 503A fulfillment
Fizy Health routes orders to LegitScript-certified compounding pharmacies. Partners dispense; software coordinates. Clinics confirm formulary and state coverage on onboarding. Detail: LegitScript partners guide and software vs pharmacy.
- Legal
Privacy Policy and Terms of Service
The Privacy Policy explains collection, use, sharing, and protection of clinic and patient information. The Terms of Service define B2B platform access, payments, refunds, and the statement that Fizy Health does not dispense medications.
Canonical pages compliance teams bookmark during vendor review
Who should start with the compliance overview?
You are onboarding a new pharmacy ops vendor and need a diligence map.
- Compliance, legal, and ops leads need different entry points to the same vendor — this page assigns them.
- You are switching from portal hopping to consolidated ordering and must document controls before go-live.
- You want links to every trust artifact without reading the entire marketing site.
You need depth on a single topic only.
- You only need the BAA timing answer — go directly to the BAA guide instead of this index.
- You are a patient with a privacy request — contact your clinic, as the covered entity, first.
- You need custom enterprise contractual terms — contact support@fizy.health before standard onboarding.
Product flows that run on governed infrastructure
After BAA onboarding, these surfaces handle patient-linked ordering under the controls summarized above.
- Audited multi-patient cart on refill day
Build clinic carts with patient-tied lines on tenant-isolated, audited infrastructure.
- Validation before PHI-linked payment
Catch order issues before checkout on patient-associated lines — fewer post-payment recoveries.
- Routing to verified 503A partners
One payment sends each line to the correct LegitScript-certified compounder with tracking.
Compliance overview questions clinics ask.
- Start
Where should compliance review start?
Start with the Security page for technical controls, then the BAA guide for contractual timing, then Privacy Policy and Terms for data use and platform obligations. Use topic-specific brand guides for HIPAA, audit, and partners.
- HIPAA
Is Fizy Health HIPAA compliant?
Fizy Health is built HIPAA-aligned for covered entities with a BAA at onboarding, tenant isolation, audit trails on patient-linked orders, and PHI-safe logging. Your clinic shares responsibility as the covered entity for workforce policies and patient requests.
- SOC 2
Is Fizy Health SOC 2 certified?
Fizy Health implements SOC 2 Type II control frameworks across access, encryption, monitoring, and incident response. We describe this as frameworks implemented, not certification, unless an independent auditor issues a report. Enterprise prospects can request documentation under NDA.
- Partners
How do pharmacy partners fit compliance review?
Fizy Health routes to LegitScript-certified 503A partners. Diligence questionnaires should list partners as dispensing entities. Fizy Health documents software controls; partners answer compounding quality and licensure questions.
- Patients
Where do patient privacy requests go?
Patients should generally direct PHI access, correction, or deletion requests through their clinic as the covered entity. Fizy Health assists per the BAA when requests involve platform-held records — see Privacy Policy FAQ.
Compliance answers, organized.
Bookmark the Security, Privacy, and Terms pages, sign your BAA at onboarding, and use dedicated guides when you need depth on HIPAA, audit, or partners.