Security at Infiniti Solution

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. This includes all patient records, EVV logs, and billing data stored on our servers.

We operate as a HIPAA Business Associate and sign a Business Associate Agreement (BAA) with every agency client. PHI is handled under strict access controls with full audit logging.

Our platform is built around Minnesota's 245D licensing requirements, including EVV mandate compliance, DHS-approved data formats, and secure record retention for the required 7-year period.

Every user has a defined role (Admin, Coordinator, Caregiver, Billing). Access is limited to only the data necessary for that role. Admins can customize permissions at the agency level.

MFA is available for all accounts and required for Admin-level users. We support authenticator apps and SMS-based verification to protect against unauthorized access.

Location data collected for Electronic Visit Verification is transmitted over encrypted channels, stored securely, and only accessible to authorized agency staff and state systems.

Every action taken in the platform is logged — login events, record changes, exports, and billing submissions. Audit logs are tamper-resistant and retained per regulatory requirements.

Infiniti Solution is hosted on enterprise-grade cloud infrastructure with 99.9% uptime SLA, automated failover, and geographically redundant backups performed daily.

We maintain a documented incident response plan. In the event of a data breach, affected clients are notified within 60 days as required by HIPAA, and remediation steps are taken immediately.

Our platform undergoes regular vulnerability assessments and penetration testing. We follow OWASP guidelines and remediate identified vulnerabilities on a priority basis.