HIPAA Compliance
Unified Imaging is committed to protecting the privacy and security of Protected Health Information (PHI) in accordance with HIPAA regulations.
Our Commitment to Healthcare Data Protection
As a healthcare technology provider serving eye care professionals across the country, Unified Imaging understands the critical importance of protecting patient information. We have built our platform from the ground up with security and compliance as foundational principles.
Our comprehensive HIPAA compliance program includes technical, administrative, and physical safeguards designed to protect the confidentiality, integrity, and availability of Protected Health Information (PHI).
Technical Safeguards
We implement industry-leading technical controls to protect PHI throughout its lifecycle:
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Encryption keys are managed through a dedicated key management system.
Access Controls
Role-based access control (RBAC) ensures users only access data necessary for their role. Multi-factor authentication (MFA) is required for all accounts.
Audit Logging
Comprehensive audit trails track all access to PHI including who accessed what data, when, and from where. Logs are retained for a minimum of 6 years.
Automatic Logoff
Sessions automatically terminate after a period of inactivity. The timeout is configurable so that each practice can meet its own security requirements.
Integrity Controls
Data integrity mechanisms detect unauthorized alterations to PHI. Checksums and digital signatures are used to detect any modification of data during transmission or storage.
Network Security
Enterprise-grade firewalls, intrusion detection systems, and network segmentation protect PHI from unauthorized access and cyber threats.
Administrative Safeguards
Our administrative controls establish the policies, procedures, and workforce management practices necessary for HIPAA compliance:
- Security Officer: A designated HIPAA Security Officer oversees our compliance program and is responsible for developing and implementing security policies.
- Risk Analysis: We conduct regular risk assessments to identify potential vulnerabilities and implement appropriate safeguards.
- Workforce Training: All employees complete HIPAA training upon hire and annually thereafter. Role-specific training is provided for employees with access to PHI.
- Sanctions Policy: Clear policies define consequences for workforce members who violate security policies.
- Incident Response: Documented procedures for identifying, responding to, and mitigating security incidents, including breach notification protocols.
- Contingency Planning: Business continuity and disaster recovery plans ensure PHI remains available and protected during emergencies.
- Vendor Management: All subcontractors with access to PHI sign Business Associate Agreements and undergo security assessments.
Physical Safeguards
Our infrastructure partners maintain robust physical security controls:
- Data Center Security: PHI is stored in data centers with a SOC 2 Type II attestation, 24/7 physical security, biometric access controls, and video surveillance.
- Facility Access: Access to data center facilities is restricted to authorized personnel with documented business needs.
- Workstation Security: Policies govern the proper use and physical security of workstations that access PHI.
- Device Controls: Media containing PHI is encrypted, tracked, and securely disposed of when no longer needed.
- Environmental Controls: Data centers include fire suppression, climate control, and redundant power systems to protect against environmental threats.
Business Associate Agreement
Unified Imaging enters into Business Associate Agreements (BAAs) with all covered entities before accessing or storing PHI. Our BAA:
- Establishes the permitted uses and disclosures of PHI
- Requires appropriate safeguards to prevent unauthorized use or disclosure
- Mandates reporting of security incidents and breaches
- Ensures our subcontractors agree to the same restrictions
- Provides for return or destruction of PHI upon termination
- Allows the covered entity to terminate the agreement for material breach
Request a BAA
Ready to get started? Contact our team to execute a Business Associate Agreement and begin your implementation.
Compliance Questions
For questions about our HIPAA compliance program or to report a potential security concern:
We take all security concerns seriously and will respond to inquiries within one business day.