HIPAA Compliance

Administrative Safeguards

• Designated Privacy and Security Officers
• Workforce training and awareness programs
• Access management and authorization procedures
• Incident response and breach notification procedures
• Business Associate Agreements (BAAs) with all vendors

Physical Safeguards

• Secure, SOC 2 Type II audited data centers
• Access controls to facilities and workstations
• Device and media controls for hardware containing ePHI

Technical Safeguards

• AES-256 encryption at rest and TLS 1.2+ in transit
• Unique user identification and authentication
• Automatic session timeouts and audit controls
• Integrity controls to prevent unauthorized alteration of ePHI
• Role-based access controls (RBAC)

Breach Notification

• Procedures for identifying and responding to security incidents
• Notification to affected individuals within 60 days
• Notification to HHS as required
• Documentation and remediation processes

Business Associate Agreements

• VitalAxis signs BAAs with all covered entity clients
• We require BAAs from our subcontractors and service providers
• Regular review and updates of BAA terms

Audit & Monitoring

• Continuous security monitoring and logging
• Regular risk assessments and vulnerability scans
• Annual HIPAA compliance audits
• SOC 2 Type II certification

Patient Rights

• Right to access their PHI
• Right to request amendments
• Right to an accounting of disclosures
• Right to request restrictions

Contact Our Privacy Officer

For HIPAA-related inquiries, questions about our compliance practices, or to request a Business Associate Agreement, please contact us: