HIPAA Compliance

Last updated: March 30, 2026

At HealthSetu, we recognize the critical importance of protecting Protected Health Information (PHI). We are committed to fully complying with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, as well as modern data privacy expectations worldwide.

1. Privacy Rule Compliance

Our platform enforces strict confidentiality of PHI. Access to health data is limited to users and explicitly authorized healthcare providers. We do not use PHI for marketing purposes without explicit, documented consent from the patient.

2. Security Rule Safeguards

  • Administrative: We maintain strict internal security policies, conduct routine workforce training, and enforce risk management procedures.
  • Physical: All our cloud-hosted infrastructure is managed by leading providers who ensure strict physical security measures for data centers.
  • Technical: We employ end-to-end encryption for data in transit and at rest, alongside comprehensive audit controls and secure access management.

3. Breach Notification Rule

HealthSetu maintains a comprehensive incident response protocol. In the event of an unsecured PHI breach, we will notify affected individuals, the Department of Health and Human Services (HHS), and the media as required by the HIPAA Breach Notification Rule.

4. Business Associate Agreements (BAAs)

We mandate formal Business Associate Agreements (BAAs) with all third-party vendors and healthcare providers who interact with our systems. This ensures that our partners uphold the same rigorous HIPAA compliance standards as we do.

5. Patient Rights

HealthSetu ensures patients have the right to access their PHI, to request amendments to it, and to request an accounting of disclosures of it. You can request changes or download copies of your health data directly through your dashboard or by contacting our privacy team.