CERTIFIED & COMPLIANT

Compliance & Certifications

ProteusDx™ maintains the highest standards of regulatory compliance, data security, and quality management to ensure patient safety and data protection.

HIPAA Compliant

Full compliance with the Health Insurance Portability and Accountability Act

FDA Cleared

FDA-cleared Class II medical device for diagnostic use

CLIA Certified

Certified under the Clinical Laboratory Improvement Amendments for high-complexity testing

SOC 2 Type II

Audited security, availability, and confidentiality controls

HIPAA Compliance

ProteusDx™ is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. We implement the administrative, physical, and technical safeguards required by the HIPAA Security Rule to protect Protected Health Information (PHI).

Administrative Safeguards

Security Management Process
Workforce Training & Management
Information Access Management
Security Incident Procedures
Contingency Planning
Business Associate Agreements

Physical Safeguards

Facility Access Controls
Workstation Security
Device & Media Controls
Secure Disposal Procedures

Technical Safeguards

Access Control (Unique User IDs)
Audit Controls & Logging
Integrity Controls
Transmission Security (TLS 1.3)
Encryption at Rest (AES-256)
Automatic Logoff

FDA Clearance

Our capsule endoscopy technology has received FDA 510(k) clearance as a Class II medical device for visualization of the small bowel and colon. We maintain compliance with FDA regulations including:

21 CFR Part 820 - Quality System Regulation

Comprehensive quality management system covering design controls, manufacturing processes, corrective and preventive actions (CAPA), and post-market surveillance.

21 CFR Part 11 - Electronic Records

Electronic records and signatures meet FDA requirements for authenticity, integrity, and confidentiality with comprehensive audit trails.

Medical Device Reporting (MDR)

Established procedures for reporting adverse events and device malfunctions to the FDA in accordance with 21 CFR Part 803.

Post-Market Surveillance

Ongoing monitoring of device performance, safety, and effectiveness through systematic data collection and analysis.

CLIA Certification

Our laboratory operations are certified under the Clinical Laboratory Improvement Amendments (CLIA) for high-complexity testing. We maintain compliance with all CLIA requirements:

Personnel Qualifications

Laboratory director, technical supervisors, and testing personnel meet CLIA qualification requirements.

Quality Control

Daily quality control procedures ensure accuracy and reliability of test results.

Proficiency Testing

Participation in external proficiency testing programs to validate testing accuracy.

Quality Assurance

Comprehensive quality assurance program with regular audits and performance reviews.

Patient Test Management

Established procedures for specimen handling, result reporting, and record retention.

Inspections

Biennial inspections by CMS or a CMS-approved accrediting organization to maintain certification.

Information Security Standards

SOC 2 Type II Compliance

We hold a SOC 2 Type II attestation report (SOC 2 is an attestation against the AICPA Trust Services Criteria, not a certification) covering security, availability, processing integrity, confidentiality, and privacy. Our controls are examined annually by an independent third-party auditor.

Security (the Trust Services common criteria)
Availability (99.9% Uptime)
Processing Integrity
Confidentiality Controls
Privacy Safeguards

ISO 27001 Alignment

Our information security management system (ISMS) is aligned with ISO 27001 international standards, covering risk assessment, security policies, asset management, access control, cryptography, and incident management.

NIST Cybersecurity Framework

We implement controls based on the NIST Cybersecurity Framework, including Identify, Protect, Detect, Respond, and Recover functions to manage cybersecurity risk.

Data Protection & Privacy

GDPR Readiness

While primarily operating in the United States, we maintain practices aligned with the European Union's General Data Protection Regulation (GDPR) for international patients:

Data Minimization
Purpose Limitation
Right to Access & Portability
Right to Erasure
Breach Notification (72 hours)
Data Protection Impact Assessments

CCPA Compliance

We comply with the California Consumer Privacy Act (CCPA), providing California residents with rights to know, delete, and opt-out of the sale of personal information (note: we do not sell personal information).

Quality Management System

Our Quality Management System (QMS) is designed to ensure consistent delivery of safe, effective diagnostic services:

ISO 13485 Alignment

Medical device quality management system aligned with ISO 13485 requirements for design, development, production, and post-market activities.

Document Control

Comprehensive document management system ensuring all procedures, work instructions, and records are controlled, reviewed, and approved.

Risk Management

Systematic risk management process following ISO 14971 to identify, evaluate, and mitigate risks throughout the product lifecycle.

Corrective and Preventive Actions (CAPA)

Formal CAPA process to investigate nonconformities, implement corrections, and prevent recurrence.

Internal Audits

Regular internal audits to assess QMS effectiveness and compliance with regulatory requirements.

Management Review

Periodic management reviews to evaluate QMS performance, customer feedback, and opportunities for improvement.

Training & Competency

All personnel receive comprehensive training to ensure competency in their roles and compliance with regulatory requirements:

HIPAA Training

Annual HIPAA privacy and security training for all workforce members with access to PHI.

Clinical Competency

Healthcare professionals maintain current licenses and complete ongoing clinical education.

Quality System Training

Training on QMS procedures, document control, and CAPA processes.

Security Awareness

Regular security awareness training covering phishing, social engineering, and data protection.

Incident Response

Training on security incident identification, reporting, and response procedures.

Competency Assessment

Regular competency assessments to verify understanding and skill proficiency.

Independent Audits & Verification

We undergo regular independent audits and assessments to verify compliance with regulatory requirements and industry standards:

Annual SOC 2 Type II Audits

Independent auditor assessment of security and privacy controls

Biennial CLIA Inspections

CMS or accrediting organization laboratory inspections

FDA Quality System Inspections

Periodic FDA inspections of manufacturing and quality systems

Penetration Testing

Annual third-party penetration testing and vulnerability assessments

Internal Quality Audits

Quarterly internal audits of quality management system effectiveness

Compliance Inquiries

For questions about our compliance programs, certification status, or to request audit reports (subject to confidentiality agreements), please contact:

Compliance Officer

FirstVitals dba ProteusDx™

2605 Camino Tassajara #2500

Danville, CA 94526