Security
Effective date: July 13, 2026
Security and privacy are foundational to GoodCare OS, a product of TGCH Technologies Corporation ("TGCH"). Because our platform handles sensitive agency, caregiver, and patient information, we design our systems and processes to protect that data throughout its lifecycle. This page provides a plain-language overview; specific controls are described in more detail in our customer documentation and Business Associate Agreement.
Data Protection
- Data is encrypted in transit using industry-standard TLS and encrypted at rest.
- Protected health information (PHI) is handled as a Business Associate under HIPAA, subject to a signed BAA.
- Backups are maintained to support recovery, and retention follows customer and regulatory requirements.
Access Controls
- Role-based access controls limit what each user can see and do within the platform.
- We apply the minimum-necessary principle so users and systems access only the data required for their function.
- Administrative access to production systems is restricted and logged.
Infrastructure & Monitoring
- The platform runs on reputable cloud infrastructure with physical and network security maintained by the provider.
- Activity and audit logs support traceability of key actions within the platform.
- We monitor for anomalies and maintain processes to respond to potential security events.
Electronic Visit Verification (EVV)
Where required, GoodCare OS supports EVV consistent with the 21st Century Cures Act and applicable state rules, transmitting verified visit data to the appropriate state aggregator.
Compliance Program
We align our controls with the HIPAA Security Rule and are pursuing SOC 2 Type II examination. Our compliance posture continues to mature as the platform grows; current status can be confirmed with our team during procurement or security review.
Incident Response & Breach Notification
We maintain an incident-response process and will notify affected customers of security incidents and breaches of unsecured PHI consistent with our agreements and the HIPAA Breach Notification Rule.
Reporting a Vulnerability
If you believe you have found a security vulnerability in GoodCare OS, please report it to us at the address below so we can investigate promptly. We appreciate responsible disclosure.
Contact
Maker of GoodCare OS
1221 W Belt Line Rd, Ste 200
Cedar Hill, TX 75104
Email: info@tgchtech.com