A culture of compliance.
Pharmacy commerce operates at the intersection of patient privacy, regulated payments, and clinical workflows. Tabz is built around the compliance requirements of that environment, not adapted to meet them after the fact.

Every transaction processed through Tabz operates within a security and compliance framework designed specifically for healthcare commerce. These are not controls layered on top of a general-purpose platform. They are the architectural decisions that determined how Tabz was built.

The compliance foundation
Every transaction processed through Tabz operates within a security framework designed specifically for healthcare commerce. The two standards that define that framework are the same ones enterprise pharmacy operators and their legal teams check first.
HIPAA-Ready Infrastructure
Patient data processed through Tabz — across payment, messaging, and communication workflows — is handled in accordance with HIPAA's Privacy and Security Rules.
Technical safeguards, access controls, and audit capabilities are built into the platform as standard. Business Associate Agreements are available for enterprise operators.
PCI DSS Compliance
All payment transactions conform to PCI DSS standards for the secure handling of cardholder data. Payment information is encrypted and tokenized at the point of entry.
Pharmacies never store card data directly. Tabz manages the full compliance burden of the payment layer on their behalf.
How the platform is built
Encryption at rest and in transit
All data transmitted through and stored within Tabz is encrypted using industry-standard protocols. Sensitive data does not move in plaintext at any point in the transaction lifecycle.
Tokenization
Card data is tokenized at entry and never stored in raw form. Operators interact with payment references, not cardholder data.
Role-based access controls
Platform access is governed by role-based permissions. Operators control who can view, process, and manage transaction and patient data within their organization.
Audit logging
Transaction and access events are logged for operational visibility and compliance review.
Frequently asked questions
A Business Associate Agreement (BAA) is a contract required under HIPAA when a vendor handles protected health information on behalf of a covered entity. Tabz provides BAAs in contracts with covered entities.
Payment data is encrypted at the point of entry and tokenized immediately. Card information is never stored in raw form within the Tabz platform. Pharmacies interact with payment references only; the underlying cardholder data is never accessible to pharmacy staff or stored on pharmacy systems.
Tabz infrastructure is hosted in a HIPAA-protected environment with encryption at rest and in transit enforced across all data.
Tabz uses role-based access for our own employees, and allows role-based access for our partners to the dashboards.
Still have questions?
Ready to see Tabz in your operation?
Enterprise pharmacy operators and platform teams can book a demo to see how Tabz handles the compliance, payment, and operational requirements of their specific environment.