Last Updated: January 19, 2025
Introduction
Logical Health, Inc. (“Logical Health”, “we”, “us”, and “our”) is committed to maintaining the privacy and security of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.
This HIPAA Compliance statement outlines our commitment to safeguarding your health information and describes the measures we take to ensure compliance with the HIPAA Privacy, Security, and Breach Notification Rules.
1. Our HIPAA Obligations
As a provider of healthcare technology solutions, Logical Health understands the critical importance of protecting sensitive health information. We maintain rigorous standards to ensure:
- Privacy Protection: We implement policies and procedures to protect the privacy of PHI.
- Security Safeguards: We employ administrative, physical, and technical safeguards to protect electronic PHI (ePHI).
- Breach Notification: We have procedures in place to detect, respond to, and report any potential breaches of PHI.
- Business Associate Agreements: We enter into appropriate Business Associate Agreements (BAAs) with covered entities and other business associates.
2. Administrative Safeguards
We implement comprehensive administrative safeguards including:
Security Management:
- Risk analysis and risk management processes
- Security incident procedures
- Contingency planning and disaster recovery
- Regular security assessments and audits
Workforce Training:
- HIPAA privacy and security training for all employees
- Regular updates on compliance requirements
- Role-based access training
- Security awareness programs
Access Management:
- Unique user identification for all system users
- Role-based access controls
- Automatic logoff procedures
- Regular access reviews and audits
3. Physical Safeguards
We maintain physical safeguards to protect our facilities and equipment:
- Facility Access Controls: Secure data centers with restricted access
- Workstation Security: Policies for secure workstation use and positioning
- Device and Media Controls: Secure disposal and re-use procedures for electronic media
- Environmental Controls: Protection against environmental hazards
4. Technical Safeguards
We implement robust technical safeguards to protect ePHI:
Encryption:
- Encryption of ePHI in transit using TLS 1.2 or higher
- Encryption of ePHI at rest using industry-standard algorithms
- Secure key management practices
Access Controls:
- Multi-factor authentication
- Session timeout mechanisms
- Audit controls and monitoring
- Integrity controls to protect against unauthorized alteration
Transmission Security:
- Secure communication protocols
- Virtual Private Networks (VPNs) for remote access
- Network security monitoring
5. Breach Notification
In the unlikely event of a breach of unsecured PHI, we will:
- Conduct a thorough investigation to determine the nature and scope of the breach
- Notify affected individuals without unreasonable delay and no later than 60 days following discovery
- Notify the Secretary of Health and Human Services as required by law
- Notify prominent media outlets if the breach affects more than 500 residents of a state or jurisdiction
- Provide covered entities with necessary information to fulfill their breach notification obligations
6. Business Associate Agreements
When acting as a Business Associate, Logical Health enters into HIPAA-compliant Business Associate Agreements with covered entities. These agreements outline:
- Permitted uses and disclosures of PHI
- Our obligation to implement appropriate safeguards
- Our obligation to report security incidents and breaches
- Our obligation to make PHI available to individuals upon request
- Our obligation to make PHI available for amendment
- Our obligation to maintain an accounting of disclosures
- Provisions for termination and return or destruction of PHI
7. Third-Party Service Providers
We carefully vet all third-party service providers who may have access to PHI. We ensure that:
- All subcontractors sign appropriate Business Associate Agreements
- Third parties demonstrate adequate security and privacy practices
- Regular assessments are conducted to verify ongoing compliance
- Contracts include provisions for auditing and monitoring
8. Compliance Monitoring
We maintain an ongoing compliance program that includes:
- Regular risk assessments and security audits
- Continuous monitoring of security controls
- Periodic review and update of policies and procedures
- Documentation of all compliance activities
- Regular training and awareness programs
9. Individual Rights
We support the exercise of individual rights under HIPAA, including:
- Right to Access: Individuals can request access to their PHI
- Right to Amend: Individuals can request amendments to their PHI
- Right to an Accounting: Individuals can receive an accounting of disclosures
- Right to Request Restrictions: Individuals can request restrictions on uses and disclosures
- Right to Request Confidential Communications: Individuals can request to receive communications by alternative means
10. Changes to This Statement
We reserve the right to update this HIPAA Compliance statement as needed to reflect changes in our practices or applicable law. We will post updates on this page with a revised “Last Updated” date.
11. Questions and Compliance Concerns
If you have questions about our HIPAA compliance practices or wish to report a compliance concern, please contact us at:
We take all compliance concerns seriously and will investigate and respond to all inquiries promptly.