HIPAA Compliance
Last Updated: 18 May 2025
Compliance Status
Hexai Care Limited is actively working toward full HIPAA compliance. We are currently implementing all technical, administrative, and physical safeguards required by HIPAA regulations. We expect to complete our HIPAA compliance program in the coming months.
Our Commitment to HIPAA Compliance
At Hexai Care Limited, we understand the critical importance of protecting Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA). We are committed to ensuring that our platform meets or exceeds all HIPAA requirements to provide our healthcare customers with a secure and compliant solution.
What is HIPAA?
HIPAA is a US federal law enacted in 1996 that establishes standards for the privacy and security of certain health information. HIPAA consists of several components, including:
- Privacy Rule: Establishes national standards for the protection of individually identifiable health information.
- Security Rule: Sets standards for the security of electronic protected health information.
- Breach Notification Rule: Requires covered entities and business associates to provide notification following a breach of unsecured protected health information.
- Omnibus Rule: Enhances patient privacy protections, provides individuals with new rights to their health information, and strengthens the government's ability to enforce the law.
Our HIPAA Compliance Measures
We are implementing comprehensive measures to ensure HIPAA compliance:
Technical Safeguards
- Encryption: All PHI is encrypted both in transit and at rest using industry-standard encryption protocols.
- Access Controls: We implement role-based access controls to ensure only authorized personnel can access PHI.
- Audit Controls: Our systems maintain detailed audit logs of all activities related to PHI.
- Integrity Controls: We implement mechanisms to ensure that PHI is not improperly altered or destroyed.
- Transmission Security: All data transmissions containing PHI are secured using TLS/SSL encryption.
Administrative Safeguards
- Security Management Process: We conduct regular risk assessments and implement risk management strategies.
- Security Personnel: We have designated security officials responsible for developing and implementing our security policies.
- Information Access Management: We have established procedures for authorizing access to PHI.
- Workforce Training: All employees receive regular training on HIPAA requirements and our security policies.
- Contingency Planning: We have developed and implemented data backup, disaster recovery, and emergency mode operation plans.
Physical Safeguards
- Facility Access Controls: Our data centers implement strict physical access controls.
- Workstation Security: We have policies governing the proper use and security of workstations that access PHI.
- Device and Media Controls: We have procedures for the disposal and re-use of electronic media containing PHI.
Business Associate Agreements
As a provider of services to healthcare organizations, Hexai Care Limited acts as a Business Associate under HIPAA. We are prepared to enter into Business Associate Agreements (BAAs) with covered entities as required by HIPAA regulations.
Our BAA clearly outlines our responsibilities regarding the protection of PHI, including:
- How we will use and disclose PHI
- Our safeguards to protect PHI
- Our reporting obligations in case of a breach
- Our responsibilities for compliance with HIPAA regulations
Breach Notification
In the unlikely event of a breach of unsecured PHI, we have established procedures to:
- Promptly notify affected customers
- Conduct a thorough investigation of the breach
- Mitigate any harmful effects of the breach
- Implement corrective actions to prevent similar breaches in the future
Ongoing Compliance Efforts
HIPAA compliance is not a one-time achievement but an ongoing process. We are committed to:
- Regularly reviewing and updating our security policies and procedures
- Conducting periodic security assessments and audits
- Staying informed about changes to HIPAA regulations and guidance
- Continuously improving our security measures based on emerging best practices
Contact Information
For more information about our HIPAA compliance efforts or to request a BAA, please contact us at:
Hexai Care Limited
Unit 82a James Carter Road
Mildenhall, Bury St. Edmunds
England, IP28 7DE
Email: hexaicare@gmail.com