HIPAA Compliance Statement
Hi Neo is committed to and has implemented many safeguards to ensure its devices, services, websites, and data systems (collectively “Services”) are compliant with the regulations and conditions outlined in the Health Insurance Portability and Availability Act of 1996 (HIPAA).
Hi Neo is committed to continuous improvement to ensure Hi Neo Services incorporate state-of-the-art information technology privacy and security measures. For covered entities to the extent that we are a “Business Associate” per the definition in the HIPAA Act, and by assignment of the HIPAA covered entity, Hi Neo is subject to the following controls:
Administrative Safeguards (HIPAA 164.308). Hi Neo has implemented policies to ensure appropriate assignment of data access permissions and proper movement and handling of that data. HIPAA training is an annual mandated event for all staff, as well as an annual review of policy effectiveness during internal or 3rd party auditing of our Products.
Physical Safeguards (HIPAA 164.310). Hi Neo’s primary physical safeguard is to not retain sensitive data in any public or private Hi Neo location other than those assigned for database management and quality assurance activities. Specific workstation usage, disposal, reuse, and security measures are in place. Access to Hi Neo facilities is independently controlled via card access preventing walk-up intrusion. Hi Neo’s data center uses a cloud-based architecture with Inherent security measures including 24 hours monitoring, advanced fire protection systems, uninterruptible power, and database redundancy. Annual audit of the facility security plan, disaster recovery plan, and contingency plans are in place.
Technical Safeguards (HIPAA 164.312). To further protect sensitive data, Hi Neo enforces unique software architecture that includes user identifications, various database audit logging, data integrity systems, and verified backups, entity authentication programs, digital certificates, various levels of encryption, and other custom architecture to further obscure sensitive data.
Hi Neo adheres to the ISO 27001 standard to ensure our systems for the management of information security risk and sufficient for our products. Our ISO 27001 risk controls and policies make sure our organization provides a transparent and evidence based system to our stakeholders.