HIPAA Notice
Aegis BioCryption acts as a HIPAA Business Associate to Covered Entities and their partners, and enters into a Business Associate Agreement before any protected health information is processed.
Safeguards
Administrative, physical, and technical safeguards are implemented per the HIPAA Security Rule: end-to-end encryption, customer-managed keys, least-privilege time-boxed access, and a tamper-evident audit trail anchored to a public timestamp.
Minimum necessary
Only the specific study requested and approved is released. Billing and operational systems are designed so that PHI never enters them.
Breach notification
Incident response and breach-notification obligations are defined in the executed Business Associate Agreement, consistent with the HITECH Act.
Requesting the BAA
Covered Entities can obtain our Business Associate Agreement and a controls summary for security review. Request the BAA.