
HIPAA Compliance Notice

Effective Date: November 29, 2025

Entity: Acme Corp


Our Commitment to Your Privacy

At Acme Corp, we take the privacy and security of health information seriously. Our organization maintains compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations where applicable to our operations.

This notice provides information about how we protect Protected Health Information (PHI) and our compliance with federal healthcare privacy laws.


HIPAA Compliance Status

Acme Corp maintains a comprehensive HIPAA compliance program.

Our compliance program includes:

  • Administrative Safeguards: Comprehensive policies for security management, workforce training, and incident response
  • Physical Safeguards: Secure facilities with access controls and endpoint security measures
  • Technical Safeguards: Encryption at rest and in transit, role-based access control, audit logging, and secure authentication
  • Organizational Requirements: Business Associate Agreements (BAAs) with applicable third-party service providers

How We Protect Health Information

Encryption

All data is encrypted both in transit (using TLS 1.3) and at rest. This ensures information is protected whether being transmitted over networks or stored in our systems.

Access Controls

We implement role-based access control (RBAC) to ensure that only authorized personnel can access health information, and only to the extent necessary for their job functions.

Audit Logging

Our systems maintain comprehensive audit logs of all access to protected health information, enabling detection and investigation of any unauthorized access attempts.

Secure Authentication

All users access systems through secure authentication, and multi-factor authentication (MFA) is required to access sensitive data.


Your Rights Under HIPAA

Under HIPAA, you have the following rights regarding your health information:

  • Right to Access: You can request and receive a copy of your health information
  • Right to Amend: You can request corrections to your health information
  • Right to an Accounting: You can request a list of certain disclosures of your health information
  • Right to Request Restrictions: You can request limits on how we use or disclose your information
  • Right to Confidential Communications: You can request that we communicate with you in specific ways
  • Right to a Paper Copy of This Notice: You can request a paper copy of our privacy practices

Breach Notification

In the event of a breach of protected health information, we will notify affected individuals and appropriate authorities as required by federal law. Our incident response procedures are designed to:

  • Detect and respond to security incidents promptly
  • Mitigate harmful effects of any breach
  • Document and report incidents as required
  • Prevent future occurrences through corrective action

Questions or Concerns

If you have questions about our HIPAA compliance practices or concerns about the privacy of health information, please contact:

Privacy Officer Email: privacy@acmecorp.com

Human Resources Email: hr@acmecorp.com



Document Classification: Internal
