Quality and safety
CLIA-validated labs, a HIPAA-compliant stack with a chain-hash audit log, weekly OIG screening, Anti-Kickback Statute safe compensation, and a physician review on every flagged result.
Lab quality
Your sample is processed by a CLIA-certified reference lab. Hormone markers on capillary matrix are held to a higher bar: per-analyte validation before any result clears into your trend chart.
All labs that process Pep Club samples are certified under the Clinical Laboratory Improvement Amendments, the federal standard for clinical lab testing.
Reference ranges, optimal ranges, and LOINC mapping are committed to the portal before results release.
Fingerstick and upper-arm capillary collection is not automatically equivalent to a venous draw. For hormone panels, we require per-analyte capillary validation on our chosen device before an assay is released against our optimal ranges.
Analytes that cannot be validated on capillary matrix are routed to a venous alternative rather than reported with low confidence.
Privacy and security
Every vendor that touches protected health information is covered by a Business Associate Agreement. Every PHI access is written to a chain-hashed audit log so any backfill or deletion is detectable.
Every read and write against protected health information is recorded to an append-only audit log. Each row hashes the row before it, so a tamper attempt anywhere in the chain surfaces the next time the chain is verified.
Verification runs on cadence internally; admins can re-verify on demand.
Every vendor that handles PHI on your behalf, including our database provider, identity provider, hosting provider, email relay, cache, and observability tools, is covered by a Business Associate Agreement.
Data is encrypted in transit and at rest. Database rows are isolated by Row Level Security policies.
Authenticated portal sessions idle-time-out automatically. Sensitive actions require recent authentication.
The admin compliance log is visible internally to our compliance team. A third-party penetration test is planned ahead of full-scale launch.
Regulatory posture
Health platforms attract special scrutiny for good reasons. Here is how we handle the rules that matter most to patients.
Our physician roster is cross-checked against the OIG List of Excluded Individuals and Entities (LEIE) at onboarding and again weekly, on an automated cron that runs every Sunday at 03:00 UTC.
Any match results in an immediate scheduling block pending compliance review.
Physicians working with The Pep Club are compensated on an hourly or per-consult basis. Compensation is never tied to prescription volume, product mix, or pharmacy routing.
The clinical entity (PC) and technology entity (MSO) are separately owned, with a Management Services Agreement between them.
Warm-base outreach from our affiliated pharmacy to eligible patients requires the specific authorization described by 45 CFR 164.508(a)(3). A generic pharmacy relationship is not enough.
When a marker is flagged, our posture is a licensed physician review within 24 hours. Escalation workflows ensure urgent findings route to a physician the same day.
SLA enforcement tooling and visible countdown timers land in the next milestone.
Every commitment on this page is enforced in code, not a PDF. We publish our posture so you can check it.
See panels and pricing