Last Updated: 8/4/2023
Hero Link is owned and operated by Hero Link, LLC.
This HIPAA Compliance Statement ("Statement") is incorporated into and made part of the Terms of Service for Hero Link, LLC ("Hero Link", "we", "us", or "our"). It outlines our commitment to maintaining compliance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the Health Information Technology for Economic and Clinical Health Act ("HITECH"), as applicable to our services and operations.
1. SCOPE OF HIPAA COMPLIANCE
Hero Link is committed to ensuring the confidentiality, integrity, and security of Protected Health Information ("PHI") that may be transmitted, stored, or processed through our systems on behalf of covered entities or business associates under HIPAA.
This Statement applies solely to the extent that Hero Link receives, maintains, or transmits PHI on behalf of such covered entities or business associates as part of providing our services.
2. SAFEGUARDS AND SECURITY MEASURES
Hero Link implements appropriate administrative, physical, and technical safeguards in accordance with HIPAA Security Rule standards (45 CFR §§ 164.302 – 164.318), including but not limited to:
Data encryption in transit and at rest;
Access controls and authentication protocols;
Security monitoring and incident response procedures;
Employee training on HIPAA privacy and security requirements.
3. BUSINESS ASSOCIATE AGREEMENTS (BAAs)
Where applicable, Hero Link enters into Business Associate Agreements with covered entities or other business associates in compliance with 45 CFR § 164.504(e). These agreements define permitted uses and disclosures of PHI and establish obligations for safeguarding data in accordance with HIPAA.
4. PERMITTED USES AND DISCLOSURES
Hero Link shall not use or disclose PHI except as permitted or required by applicable BAAs, by law, or as authorized in writing by the individual who is the subject of the PHI.
5. BREACH NOTIFICATION
In the event of a breach of unsecured PHI, Hero Link shall notify the affected parties in accordance with the HIPAA Breach Notification Rule (45 CFR §§ 164.400 – 164.414) and the terms outlined in applicable BAAs.
6. CLIENT RESPONSIBILITIES
Clients of Hero Link are responsible for ensuring that their own data handling practices, including any PHI they transmit or upload through our services, comply with HIPAA and related privacy regulations. Clients must not use Hero Link’s services to transmit PHI unless a BAA has been executed between both parties.
7. NO LEGAL ADVICE
This Statement is provided for informational purposes only and does not constitute legal advice. Clients and users are encouraged to consult their own legal counsel regarding HIPAA compliance obligations.
8. CONTACT US
If you have any questions or concerns about this HIPPA Compliance and the processing and security of your data, please contact us via our contact page or by using the following contact information:
Hero Link, LLC
Email: support@herolink.com