NoBarrier AI HIPAA

Last Time Updated: 26/02/2024

No Barrier AI, Inc (“No Barrier”, “we”, or “our”) is committed to protecting your and your patients’ privacy and data.

The United States, Health Insurance Portability and Accountability Act of 1996 ("HIPAA") provides federal protections for patient Protected Health Information ("PHI") held by covered entities (health plans, health clearinghouses or healthcare providers) and business associates (entities collecting or accessing PHI on behalf of Covered Entities) and give patients some rights with respect to such PHI. This suite of regulations includes the Privacy Rule, which protects the privacy of individually identifiable health information; the Security Rule, which sets national standards for the security of electronic Protected Health Information (ePHI); and the Breach Notification Rule, which requires Covered Entities and business associates to provide notification following a breach of unsecured PHI (all together, “HIPAA Rules”). Business associates must comply with the HIPAA Security Rule and Breach Notification Rule as well as certain provisions of the HIPAA Privacy Rule.

If HIPAA applies to your company (either as a business associate or as a covered entity), we recommend that you conduct internal due diligence to map your specific PHI collection practices. And, as a part of that, to consider what personal data and/or PHI you are sharing, storing, processing or using on our services and, if required, reach out to support@nobarrier.ai to execute our Business Associate Agreement.

What is No Barrier doing in order to comply with HIPAA?

1. We built an internal taskforce with members of different departments to implement the HIPAA compliance plan internally.
2. We involved senior management in the supervision of our implementation plan.
3. We held different discussions and conversations in order to understand what PHI is used in connection with our services, to distinguish where it is hosted and implemented measures to help our customers comply with their HIPAA obligations.
4. We signed business associate agreements with all of our vendors and service providers who could be exposed to PHI.
5. We have a security incident and personal data breach notification policy to guide how we would respond in the event of a HIPAA related breach.
6. We regularly provide training and awareness among our employees about key HIPAA requirements.
7. We have a HIPAA compliance officer charged with overseeing our HIPAA compliance.
8. We utilize and host our platform in secure US-based data centers of AWS services. We have signed a Business Associate Agreement (“BAA”) with AWS.
9. Data Security & Retention
   • We use a combination of technical, administrative, and physical controls to keep user data secure. Data is always transmitted via secure channels. Data is encrypted in transit and at rest using the industry best practice encryption standards (e.g. AES-256).
   • We have a data retention and deletion policy in place to avoid storing data perpetually.
   • For more information, please see our privacy policy available on our website.

I have more questions. Who should I contact? If you have any additional questions about our implementation of the HIPAA Rules, you are welcome to contact us at support@nobarrier.ai.

Disclaimer: The information in this document may not be construed or used as legal advice about the content, interpretation or application of any law, regulation or regulatory guideline. Customers and prospective customers must seek their own legal counsel to understand the applicability of any law or regulation on their processing of personal data.

Last time updated: February 26, 2024.