Secure Health Data Management

1Overview & Scope

The Health Insurance Portability and Accountability Act (HIPAA) sets the national standard for sensitive patient data protection. Explyra adheres to the HIPAA Security Rule and Privacy Rule to ensure that any health-related data processed within our platform, specifically the Health Manager suite, is handled with the highest level of security.

2Administrative Safeguards

We have implemented formal administrative procedures to manage data security:

• Risk Analysis: Regular assessments to identify potential vulnerabilities in PHI handling.
• Sanction Policy: Strict disciplinary measures for employees who fail to comply with security policies.
• Information Access Management: strictly controlling which personnel can access databases containing sensitive health data.
• Security Awareness Training: Mandatory training for all staff on HIPAA compliance and data handling best practices.

3Physical Safeguards

Access to physical infrastructure is strictly controlled:

• Facility Access Controls: Our primary data centers (Google Cloud Platform/AWS) utilize biometric authentication, 24/7 armed security, and surveillance.
• Workstation Security: All Explyra development devices are encrypted and require multi-factor authentication for access.
• Device & Media Controls: Protocols for the secure disposal of hardware and the sanitization of digital storage media.

4Technical Safeguards

We utilize advanced technology to prevent unauthorized access to PHI:

• Access Control: Unique user IDs, emergency access procedures, and automatic log-offs.
• Audit Controls: Hardware and software mechanisms that record and examine activity in information systems that contain or use PHI.
• Transmission Security: All health data is encrypted during transit using TLS 1.3 to prevent unauthorized interception.
• Encryption at Rest: Sensitive databases are encrypted using AES-256 standard.

5Business Associate Agreements (BAA)

Explyra acts as a "Business Associate" for many of our healthcare and enterprise clients. We are fully prepared to review and sign Business Associate Agreements (BAAs) to formalize our commitment to your compliance requirements. Our standard BAA covers breach notification timelines, data return/destruction, and sub-processor accountability.

6Audit Logging & Monitoring

Our internal monitoring system tracks every interaction with sensitive health records. We maintain audit logs for a minimum of six years as required by federal law. These logs include timestamps, user identifiers, and the specific nature of the data accessed.

7Compliance Lead & Contact

If you represent a healthcare provider or covered entity and wish to discuss a BAA or specific security configuration, please contact our compliance lead: