Ethics • Safety • Governance

Compliance at TheraTreat

We operate with patient safety, clinician standards, and regulatory compliance at the core. Below is how we maintain trust across policy, process, and product.

DPDP Principles

Consent & rights

Lawful processing, purpose limitation, deletion on request.

Clinical Verification

Quality first

Credential checks, disciplinary screening, reliability scoring.

Security Controls

Defense in depth

Encryption, RBAC, logs, environment isolation.

Audits

Continuous review

Internal audits, external assessments, corrective actions.

DPDP & Privacy

Digital Personal Data Protection Act, 2023 alignment

Consent‑based processing with clear lawful purposes.
Purpose limitation, minimisation, and defined retention schedules.
User rights: access, rectification, portability, erasure on request.
Dedicated DPO for requests and oversight.

See our Privacy Policy and HIPAA / Data Security for implementation details.

Clinical Standards

Therapist verification and practice quality

Identity & credential verification prior to listing.
Background and disciplinary screening; periodic re‑checks.
Reliability metrics from attendance and patient feedback.
Clear escalation paths for complaints and grievances.

Operational Compliance

Controls across people, process, and technology

RBAC, MFA, session controls, and activity logging.
Change management with reviews and approvals.
Vendor due diligence and data processing agreements.
Incident response runbooks and simulated drills.

Technical controls are summarised on HIPAA / Data Security.

Audits & Monitoring

Continuous assurance and corrective actions

Internal audits on privacy, security, and clinical operations.
External assessments as needed for certifications and partners.
Tracking of findings to closure with accountable owners.

Contact & References

Where to learn more and who to reach

For compliance queries or reports, please contact our DPO at dpo@theratreat.com.

Last updated Oct 25, 2025