HIPAA Compliance Information

Hemolyze is committed to protecting the privacy and security of Protected Health Information (PHI) as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Our Commitment to HIPAA

While Hemolyze provides tools to help users understand their health data, the specific applicability of HIPAA regulations may depend on how you use the service and whether you are a covered entity or business associate under HIPAA.

For users who are covered entities or business associates requiring HIPAA compliance, we offer specific configurations and, potentially, Business Associate Agreements (BAAs). Please contact us for more details on our HIPAA-compliant offerings.

Data Security Measures

We implement administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of electronic PHI, including:

  • Encryption: Data is encrypted both in transit (using TLS/SSL) and at rest.
  • Access Controls: Strict access controls are in place to limit access to PHI on a need-to-know basis.
  • Audit Logs: We maintain logs of access and changes to systems containing PHI.
  • Secure Infrastructure: We utilize secure cloud infrastructure providers with robust security certifications.
  • Data Minimization: We strive to collect and process only the minimum necessary PHI required for the service.

Handling of Uploaded Reports

When you upload a medical report containing PHI, it is processed within our secure environment. Access to this raw data is strictly limited. The extracted, anonymized, or pseudonymized data used for visualization is also protected by our security measures.

Business Associate Agreements (BAA)

If you are a covered entity (e.g., healthcare provider, health plan) or a business associate using Hemolyze to process PHI on behalf of a covered entity, a BAA is typically required. Please contact our compliance team at [Compliance Contact Email/Link] to discuss BAA requirements.

Disclaimer

This page provides general information about Hemolyze's approach to HIPAA. It does not constitute legal advice. Users are responsible for ensuring their own compliance with HIPAA and other applicable regulations.

Questions? For specific inquiries regarding HIPAA compliance or our security practices, please reach out to [Compliance Contact Email/Link].