HIPAA & Security Statement

Logical Health's role under HIPAA, our safeguards, and how privacy requests are handled

Last Updated: May 6, 2026

Introduction

Logical Health, Inc. (“Logical Health”, “we”, “us”, and “our”) provides healthcare technology and member-support services. In customer deployments involving Protected Health Information (“PHI”) or electronic Protected Health Information (“ePHI”), Logical Health may act as a Business Associate to Covered Entity clients. In that role, Logical Health processes PHI/ePHI only as permitted by the applicable Business Associate Agreement (“BAA”), customer instructions, HIPAA/HITECH, and applicable law.

This page is a summary, not a Notice of Privacy Practices.

This page summarizes Logical Health’s HIPAA-oriented safeguards and compliance posture. It is not a Covered Entity Notice of Privacy Practices and does not replace any health plan, provider, employer-plan, or customer privacy notice.

1. Our Role under HIPAA

When Logical Health acts as a Business Associate, our handling of PHI/ePHI is limited to the permitted uses and disclosures set out in the applicable BAA, customer instructions, HIPAA/HITECH, and law. We do not act as a Covered Entity for client-controlled health information processed on behalf of a customer, and we are not a treatment provider, health plan, or healthcare clearinghouse for that information.

Our public website and marketing pages are governed by our Privacy Policy and Terms of Service. Cookies and similar technologies are described in our Cookie Policy. Messaging programs are described in our Messaging Terms.

2. Administrative Safeguards

Logical Health maintains administrative safeguards appropriate to its size, complexity, and risk profile, including:

  • Documented information-security and privacy policies.
  • Workforce HIPAA, security, and privacy training, with role-appropriate updates.
  • Role-based access management and periodic access review.
  • Risk analysis, risk-treatment planning, and security incident procedures.
  • Risk-based monitoring, alerting, access review, and evidence review.
  • Contingency planning and recovery preparation.

3. Physical Safeguards

Logical Health does not operate its own data centers. Cloud infrastructure providers used to deliver our services maintain physical data-center controls under their respective compliance programs. Workforce devices used to access PHI/ePHI are subject to endpoint-management and workstation-security expectations.

4. Technical Safeguards

Logical Health uses session-management, identity, encryption, logging, and endpoint safeguards appropriate to the system and the data:

  • Encryption of PHI/ePHI in transit using modern TLS where supported by the channel.
  • Encryption of PHI/ePHI at rest using industry-standard algorithms in supported services.
  • Identity, authentication, and access controls scaled to the sensitivity of the system, including multi-factor authentication for administrative access where supported.
  • Audit logging and integrity controls for systems that handle PHI/ePHI, scoped to what is appropriate for the platform.

5. Incident & Breach Response

If Logical Health discovers a potential breach of unsecured PHI involving PHI/ePHI processed on behalf of a Covered Entity client, Logical Health will investigate, mitigate as appropriate, preserve relevant evidence, and notify the applicable Covered Entity as required by HIPAA, the applicable BAA, and law. Where Logical Health has a direct legal or contractual notice obligation, Logical Health will support or provide required notices in accordance with applicable law and contract.

6. Business Associate Agreements

When Logical Health acts as a Business Associate, we enter into appropriate Business Associate Agreements that govern permitted uses and disclosures, safeguards, breach notification, subcontractor obligations, and termination, return, or destruction of PHI at the end of the engagement.

7. Subcontractors and Vendors

Subcontractors that create, receive, maintain, or transmit PHI/ePHI on Logical Health’s behalf are subject to appropriate contractual safeguards, including BAAs where required by HIPAA. Vendors that process sensitive data are reviewed under Logical Health’s vendor-management process and, where appropriate, covered by data protection agreements, contractual safeguards, or assurance evidence.

8. Individual Rights and Privacy Requests

Individuals should generally direct HIPAA rights requests involving health-plan, provider, claims, eligibility, benefits, or other client-controlled PHI to the applicable Covered Entity, such as the relevant health plan or provider. Where a Covered Entity customer has delegated a request to Logical Health or a contract authorizes Logical Health to assist directly, Logical Health supports the request in accordance with the applicable agreement, HIPAA/HITECH, and law.

For privacy requests involving information that you provided directly to Logical Health through our public website, see the Privacy Policy and contact compliance@logical.health.

9. Changes to This Statement

Logical Health may update this statement from time to time to reflect changes in our practices, technologies, customer relationships, legal requirements, or compliance posture. When we make changes, we will post the updated statement on this page and update the “Last Updated” date.

10. Contact

For HIPAA, security, privacy, breach, compliance, or related inquiries, contact us at:

Email: compliance@logical.health

Subject Line: HIPAA & Security Inquiry