HIPAA Compliance & Security

Your privacy and security are our top priorities. Connexx is fully committed to safeguarding Protected Health Information (PHI) and complying with all applicable privacy and security regulations.

HIPAA Compliant: Full adherence to standards
256-bit Encryption: Data at rest & in transit
AWS Infrastructure: HIPAA-eligible cloud services

Our Commitment to Your Privacy

Connexx is a collaborative platform for healthcare professionals – including physicians, nurse practitioners, medspa owners, and behavioral health practitioners – that often handles sensitive patient information as part of its services. We are fully committed to safeguarding Protected Health Information (PHI) and complying with all applicable privacy and security regulations, notably the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its amendments under the HITECH Act.

Business Associate Agreements (BAAs)

Under HIPAA, healthcare providers are "covered entities" and Connexx serves as their "business associate" – an entity that handles PHI on their behalf. To ensure compliance, Connexx enters into Business Associate Agreements (BAAs) with each healthcare organization or individual provider using our platform.

These BAAs contractually bind us to protect patient information to the same standards that healthcare providers must uphold. We also maintain BAAs with any subcontractors or service providers that may encounter PHI through our platform, extending the umbrella of HIPAA protection to all parties involved.

Patient Privacy & Data Use

Connexx is dedicated to preserving the privacy of patient health information. We comply with all relevant laws and will not use or disclose any patient's medical information without proper consent or unless permitted/required by law.

What We Do

  • Use PHI exclusively for intended healthcare purposes
  • Facilitate treatment and care coordination
  • Protect data with encryption and access controls
  • Honor patient rights under HIPAA

What We Never Do

  • Sell, share, or lease personal information
  • Monetize patient data for marketing
  • Disclose PHI without authorization
  • Use identifiable data for unrelated purposes

Note on De-identified Data: We may utilize de-identified or anonymized data (information stripped of any details that could identify an individual) to help improve our services. Such usage is done in compliance with HIPAA guidelines for de-identification – your identifiable health information remains confidential.

Comprehensive Security Safeguards

We implement administrative, technical, and physical safeguards to protect PHI, in accordance with the HIPAA Security Rule. Our security program meets or exceeds industry standards.

HIPAA Training & Workforce Accountability

All Connexx employees and contractors with access to our systems undergo ongoing HIPAA and information security training. Each team member must understand their responsibility to protect patient data and sign binding confidentiality agreements. Only staff who need access to support the platform are permitted to handle PHI. Any breach of privacy/security policies can result in disciplinary action, including termination and legal consequences.

Encryption & Secure Infrastructure

Connexx protects data both in transit and at rest with robust encryption protocols:

  • 256-bit AES encryption for all PHI storage
  • TLS/HTTPS for all data in transit
  • AWS Key Management Service for encryption key management
  • HIPAA-compliant AWS infrastructure with executed Business Associate Addendum

AWS's data centers employ rigorous physical and environmental security controls including gated facilities, multi-factor access authentication, and 24/7 on-site security and video monitoring.

Access Controls & Authentication

We enforce strict access control mechanisms to ensure that only authorized individuals can access PHI. Every user has a unique user ID and must use a strong password to access the platform. Access to patient data is granted on a role-based, least-privilege basis – users only see the minimum necessary information for their role. The platform features automatic session time-outs and logout functionality to prevent unauthorized access.

Monitoring, Auditing & Risk Management

Connexx maintains detailed audit logs and monitoring systems to track access and changes to PHI:

  • Automated intrusion detection and prevention systems
  • Regular risk assessments and security audits
  • Periodic penetration testing with external experts
  • Comprehensive logging of all PHI access
  • Continuous monitoring for unusual patterns

Data Retention & Secure Disposal

PHI is retained only as long as necessary to fulfill the purposes of treatment, payment, or healthcare operations, or as required by law. When PHI is no longer needed, we follow established data destruction procedures to permanently and securely dispose of it, including secure deletion of electronic records and encrypted backups.

Incident Response & Breach Notification

In the unlikely event of a security incident or data breach, Connexx has a robust incident response plan in place. We are prepared to quickly investigate and contain security incidents. In compliance with HIPAA's Breach Notification Rule, if a breach involving unsecured PHI occurs, we will notify affected clients, individuals, and authorities within legally mandated timelines. We are committed to transparency and will provide timely, appropriate notifications.

Third-Party Services & Analytics

As part of operating a modern cloud platform, Connexx may utilize third-party services or tools to support our application. We vet all third-party vendors for security and HIPAA compliance.

PHI-Handling Partners

Any third party that might handle or access PHI is required to sign a Business Associate Agreement with us.

Non-PHI Services

For analytics tools used on non-PHI data, we ensure no protected health information is ever transmitted to those services.

Analytics Configuration

We use analytics (like Google Analytics) only for operational metrics with de-identified information, never transmitting PHI through non-HIPAA-compliant channels.

Our Ongoing Commitment

Connexx understands the trust that physicians, nurses, and practice owners place in our platform when collaborating on patient care. We take this responsibility extremely seriously. Our comprehensive HIPAA compliance program – from signed BAAs and employee training to state-of-the-art encryption and security monitoring – is designed to protect patient privacy at all times.

We continually update our policies and security controls in light of evolving best practices and regulatory changes, ensuring that Connexx remains a safe, HIPAA-compliant environment for all users.

By choosing Connexx, you can be confident that patient information is handled with the highest standards of confidentiality, integrity, and care.

If you have any questions about Connexx's HIPAA compliance or data protection measures, please contact us:

contact@connexx360.com

Your privacy and security are our top priorities, and we strive to maintain your trust through rigorous adherence to HIPAA and all applicable laws.