HIPAA Compliance Statement

Last Modified: August 2nd, 2019

Hypercare Inc. is committed to and has implemented safeguards to ensure our mobile applications, services, web platforms, and the data are compliant with the regulations and conditions set forth in the Health Insurance Portability and Availability Act of 1996 (HIPAA). Hypercare Inc. is committed to continuously improving our privacy and security measures to ensure our products are kept up to date with the best practices and technology improvements.

As a “Business Associate” per the definition in the HIPAA Act, and by assignment of the HIPAA covered entity, Hypercare Inc. is subject to the following controls (safeguards not limited to the following however):

Administrative Safeguards (HIPAA 164.308)

Hypercare Inc. has implemented policies in place to ensure appropriate assignment of data access permissions and proper movement and handling of that data.

Privacy and security training (HIPAA 164.308(a)(5)(i)) is a mandated event for all staff that handles patient health information and is provided by a third-party entity.

Hypercare Inc. has hired a privacy & security firm and conducted risk assessments (HIPAA 164.308(a)(1)(ii)(A)) such as Privacy Impact Assessment (PIA), Threat Risk Assessment (TRA), and a penetration test. The PIA and TRA can be requested by contacting our privacy department privacy@hypercare.com for the purpose of adopting our product.

Hypercare Inc. can sign a Business Associate Agreement to be the “Business Associate” with our customers to handle PHI on their behalf (HIPAA 164.308(b)(1)).

Physical Safeguards (HIPAA 164.310)

Hypercare Inc. is deployed on enterprise-grade cloud infrastructure from both Amazon Web Services (AWS) and Microsoft Azure. These cloud providers have physical safeguards including but not limited to: initial environmental and geographical assessments, redundancy measures, availability measures in case of outages, employee data centre access privileges, 24 hours monitoring Closed Circuit Television Camera, data entry points, and intrusion detection. Hypercare Inc.’s offices are controlled with fob access control to prevent walk-up intrusion (HIPAA 164.310(a)(1)). Access to key resources are limited to staff with specific purposes and is revoked once the purpose is not applicable (HIPAA 164.312(a)(1)). Hypercare has signed Business Associated Agreements (BAA) with our cloud providers.

Technical Safeguards (HIPAA 164.312)

Hypercare Inc. implements additional measures to safeguard data such as Encryption of PHI at rest and in transit (HIPAA 164.312(a)(2)(iv) 164.312(e)(2)(i)). Furthermore, Hypercare Inc. implements automatic logoff (HIPAA 164.312(a)(2)(iii)) on the web platform. Hypercare Inc. also separates development, testing, and operational environments to ensure data segregation. We follow secure system engineering principles, acceptance testing, and even has undergone a penetration test.

Questions around the specifics can be requested by contacting privacy@hypercare.com

Helpful links for additional information