HIPAA Compliance

Onalyst Health AI is fully committed to compliance with the Health Insurance Portability and Accountability Act (HIPAA). We understand the critical importance of protecting Protected Health Information (PHI) and have implemented comprehensive safeguards to ensure the privacy and security of all patient data.

• Designated Privacy and Security Officers
• Comprehensive workforce training on HIPAA requirements
• Documented policies and procedures for PHI handling
• Regular risk assessments and security audits
• Incident response and breach notification procedures
• Business Associate Agreements with all vendors

• Data stored exclusively in AWS Canada (ca-central-1) data centers
• SOC 2 Type II certified infrastructure
• Physical access controls and monitoring
• Workstation security policies
• Secure disposal of electronic media

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Multi-factor authentication required
• Role-based access controls (RBAC)
• Automatic session timeout (15 minutes)
• Comprehensive audit logging of all PHI access
• Intrusion detection and prevention systems
• Regular penetration testing

Onalyst enters into Business Associate Agreements (BAAs) with all covered entities using our services. Our BAA ensures:

• Clear definition of permitted PHI uses and disclosures
• Appropriate safeguards implementation
• Breach notification requirements
• Compliance with the HIPAA Privacy and Security Rules
• Right to terminate for material breach

In the unlikely event of a data breach involving PHI, Onalyst will:

• Notify affected covered entities within 24 hours of discovery
• Provide detailed information about the nature of the breach
• Assist with required notifications to affected individuals
• Cooperate with any investigations
• Implement remediation measures to prevent future occurrences

For HIPAA-related inquiries or to request a BAA:

Email: compliance@onalyst.org

Phone: Available upon request for covered entities