+1 888 483-9648

Business inquiries only

Talk to an Expert

HIPAA Compliance Framework

1. Purpose

The InputiX HIPAA Compliance Framework outlines our approach to supporting compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. This framework describes the administrative, technical, and physical safeguards used to protect electronic protected health information (ePHI) where applicable.

2. Scope

This framework applies when InputiX acts as a Business Associate or otherwise processes, stores, or transmits ePHI on behalf of covered entities, as defined under HIPAA. It applies to relevant systems, services, personnel, and third-party providers involved in such processing.

3. Compliance Approach

InputiX designs its services to align with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule. While compliance obligations ultimately depend on how customers configure and use our services, InputiX implements controls intended to support HIPAA-aligned use cases.

4. Administrative Safeguards

InputiX maintains administrative measures designed to manage and reduce risks to ePHI, including:

  • Policies and procedures addressing data protection and confidentiality
  • Workforce training on privacy and security responsibilities
  • Role-based access and authorization management
  • Incident response and escalation procedures

5. Technical Safeguards

Technical controls are implemented to help protect ePHI, which may include:

  • Access controls and authentication mechanisms
  • Audit logs and system monitoring
  • Encryption of data in transit and at rest where appropriate
  • Secure system configuration and change management

6. Physical Safeguards

InputiX leverages physical safeguards appropriate to its operating environment, including:

  • Controlled access to facilities and infrastructure
  • Use of secure, reputable data center providers
  • Measures to protect systems from unauthorized physical access

7. Breach Response and Notification

InputiX maintains procedures to identify, investigate, and respond to potential security incidents involving ePHI. Where required, we support timely breach notification obligations in accordance with HIPAA and contractual commitments.

8. Business Associate Agreements (BAA)

Where applicable, InputiX may enter into a Business Associate Agreement with customers to define responsibilities related to ePHI protection and HIPAA compliance.

9. Subcontractors and Third Parties

InputiX evaluates third-party service providers that may access or process ePHI to ensure they maintain appropriate safeguards. Where required, subcontractors are subject to contractual obligations consistent with HIPAA requirements.

10. Customer Responsibilities

Customers are responsible for:

  • Determining whether their use of InputiX services involves ePHI
  • Configuring services in a HIPAA-compliant manner
  • Ensuring appropriate access controls and user management

11. Review and Updates

This HIPAA Compliance Framework is reviewed periodically and updated as needed to reflect regulatory changes, risk assessments, and operational developments.

12. Disclaimer

This framework is provided for informational purposes only and does not constitute legal advice. Customers should consult their own legal counsel regarding HIPAA compliance obligations.