Last platform audit: April 17, 2026

Compliance as Care.
Interoperability as Trust.

The Force for Health Network was built from day one to move safely between the worlds of healthcare, education, workforce, and community. This page is our public commitment — the standards we hold, the platforms we connect with, and the policies that protect every person we serve.

View Policies See Interoperability
17+Standards aligned
16Platform integrations
4Sector pillars
30-minPHI session timeout
Four Pillars, One Standard

Where we operate — and what governs us there

FFH sits at the crossroads of healthcare, education, workforce, and community. We do not cut corners in any of them. Each pillar inherits the full stack of protections, plus the domain-specific safeguards its people deserve.

Education

Schools, districts, and learners — from K-12 to adult workforce education.

  • FERPA-aligned data handling
  • COPPA parental consent paths
  • ISTE · NHES · SHAPE · NGSS · ASCD
  • LTI 1.3 / SSO-ready (Clever, ClassLink)
  • Lesson Plans auditable to standards

Healthcare

Health systems, clinicians, public health, and patient-facing programs.

  • HIPAA technical safeguards (AES-256 at rest, TLS in transit)
  • HL7 · FHIR R4 readiness
  • BAAs in place or being executed for every PHI vendor
  • Audit logging on every PHI read/write in HIPAA-covered tools
  • 30-minute inactivity timeout

Blue Button & Public Data

CMS Blue Button 2.0, ONC, and open public-data ecosystems.

  • Blue Button 2.0 OAuth 2.0 flow supported
  • CMS / ONC interoperability alignment
  • USCDI data class awareness
  • County Health Rankings + CDC PLACES integration
  • Patient-directed data portability

Chamber & Workforce

Chambers of Commerce, employer wellness, and community activation.

  • GrowthZone / ChamberMaster integration
  • WebLink Connect, MemberClicks, Chamber Nation
  • US Chamber of Commerce alignment
  • 501(c)(3) Foundation firewalled from for-profit
  • Workforce wellness privacy standards
Standards at a Glance

The alphabet soup, translated into real protection

Every badge below represents a commitment we have designed into the platform, documented, and put on our audit calendar. This is the public-facing view; the full control matrix lives in our internal Compliance Audit Tracker.

Healthcare & Interoperability

HIPAA

HIPAA

PHI protection, BAAs, audit trails

FHIR

HL7 / FHIR R4

Clinical data exchange

BB 2.0

Blue Button 2.0

CMS patient-directed data

CMS

CMS Alignment

Interoperability & Patient Access Rule

ONC

ONC Framework

USCDI-aware data classes

Education

FERPA

FERPA

Student record protection

COPPA

COPPA

Under-13 parental consent

ISTE

ISTE Standards

Digital learning for students & educators

NHES

NHES

National Health Education Standards

SHAPE

SHAPE America

Physical & health education

NGSS

NGSS

Next Generation Science Standards

ASCD

ASCD Whole Child

Whole Child / Whole School framework

Data, Security & Accessibility

SOC 2

SOC 2 Posture

Trust Services Criteria-aligned controls (not yet certified)

GDPR

GDPR-Ready

EU data subject rights supported

CCPA

CCPA / CPRA

California consumer rights

ADA

ADA Compliance

Title III digital accessibility

WCAG

WCAG 2.1 AA

Target conformance; audit in progress

Chamber, Workforce & Nonprofit

USCC

US Chamber Alignment

Community activation standards

501c3

501(c)(3) Separation

Foundation firewalled from for-profit

PPF

PPF Fiscal Sponsor

Panorama Project Foundation oversight

WKF

Workforce Wellness

Employer program privacy standards

Interoperability in Action

The platforms we connect with — and the standards that make it safe

FFH is built to plug into the systems your people already use. Below is an honest view of where each integration stands today — Live, Partial, or on the Summer 2026 roadmap.

LTI 1.3 · SSO

Canvas (Instructure)

LMS integration via LTI 1.3 for lesson delivery, grades, and Bingo Card tracking.

Coming Summer 2026
OAuth 2.0

Google Classroom

Assignment sync, rostering, and coin award reporting.

Coming Summer 2026
OneRoster

Clever

K-12 SSO, rostering, and secure parental consent routing.

Coming Summer 2026
OIDC · SAML

ClassLink

District identity federation and launchpad delivery.

Coming Summer 2026
FHIR R4

Epic

Read-access via SMART on FHIR; design complete, engagement requires health system BAA (partial).

Partial · Summer 2026 target
FHIR R4

Oracle Health (Cerner)

Integration design complete; engagement requires BAA (partial).

Partial · Summer 2026 target
FHIR · HL7

athenahealth

Integration design complete; engagement requires BAA (partial).

Partial · Summer 2026 target
USCDI

Public Health Systems

CDC PLACES, County Health Rankings, and state PH portals.

Live
OAuth 2.0

CMS Blue Button 2.0

Patient-directed Medicare claims access — participant-consented, read-only.

Coming Summer 2026
USCDI v3

ONC Interop Framework

Alignment with Cures Act, information blocking rules, and certified class mapping.

Design aligned
Blue Button

MyHealthEData

Participant-facing data portability for programs run on the FFH Academy.

Coming Summer 2026
Open API

CDC Open Data

County-level health and prevention metrics inside every Bingo Card.

Live
REST API

GrowthZone / ChamberMaster

Member directory sync and event co-registration for Chamber-hosted programs.

Coming Summer 2026
REST · Webhooks

WebLink Connect

Membership CRM integration for workforce wellness activations.

Coming Summer 2026
OAuth 2.0

MemberClicks / Personify

Association management sync with opt-in data sharing only.

Coming Summer 2026
Partner API

Chamber Nation

Local chamber network distribution of FFH community programs.

Coming Summer 2026
Our Posture

What it actually looks like under the hood

Public promises only matter if they are wired into the system. Here is the short version of what we actually built.

Data Protection

Your data is encrypted at rest and in transit, accessed only with JWT-authenticated sessions, and never cached in browser storage when it qualifies as PHI or FERPA.

  • AES-256 encryption at rest
  • TLS 1.2+ in transit (all endpoints)
  • Supabase BAA for PHI workloads
  • Row-Level Security on every table
  • No PHI in localStorage (PHI_SAFE_MODE)

Consent & Identity

Nothing sensitive happens without an explicit, documented, auditable consent record. Minors get a parental path. EU participants get GDPR rights.

  • Granular consent_records table
  • COPPA parental consent flow
  • GDPR data subject request path
  • 30-minute inactivity signout
  • Role-based access control

Audit & Accountability

Sensitive data operations within HIPAA and FERPA-covered tools write audit_log entries. We review internally on a quarterly cadence and publish status updates to this page.

  • Immutable audit_log table
  • Internal compliance audits on quarterly cadence (first full audit April 17, 2026)
  • Third-party penetration test on 2026 roadmap
  • Public status strip on this page
  • Incident response SLA: 24-hour customer notification
ADA · WCAG 2.1 AA

Accessibility is not a feature. It is the floor.

The Force for Health Network serves people with chronic conditions, cognitive differences, and the full range of human variation. Our pages, games, and content are built to meet WCAG 2.1 AA and Title III ADA digital accessibility expectations.

Keyboard-first

Every interactive element is reachable and operable with a keyboard, including our games.

Contrast 4.5:1

Text and UI contrast ratios meet or exceed WCAG 2.1 AA targets across the palette.

Screen reader ready

Semantic HTML, ARIA labels, live regions for dynamic status updates.

44x44 touch targets

Mobile controls meet minimum size so everyone can participate.

Alt text & captions

Images, charts, and media ship with text equivalents and, where applicable, captions.

Reduced motion

Animations respect `prefers-reduced-motion`. No autoplay content without a pause control.

Policies & Documents

The full library — shareable with your procurement and IT teams

Every document below is downloadable. Procurement, legal, compliance, and IT teams are welcome to share them with counsel and circulate them internally as part of your vendor review.

Privacy Policy

What we collect, why, and the rights you have over it.

Read full policy →

Terms of Service

The fair, plain-language terms that govern using FFH.

Read full terms →

HIPAA Policy

Safeguards, BAAs, audit logging, incident response.

Read full policy →

FERPA & COPPA Policy

How we handle student data and under-13 consent.

Read full policy →

Accessibility Statement

Our ADA / WCAG 2.1 AA commitments and reporting path.

Read statement →

One-Page Summary

The whole posture on a single page — for procurement.

Read summary →

Compliance Contact

Ask questions, request a BAA, or report a concern.

compliance@forceforhealth.com →

Ready to plug FFH into your ecosystem?

Whether you are a school district, a health system, a CMS-aligned program, or a chamber of commerce, we have probably already connected to something like you — and if not, we will build the path together.

Talk to Partnerships