HIPAA Business Associate
Stannp operates as a HIPAA Business Associate, executing Business Associate Agreements with all covered entity customers. We implement comprehensive administrative, physical, and technical safeguards to protect all Protected Health Information in our custody.
Protected Health Information Safeguards
All PHI is protected with 256-bit AES encryption at rest and TLS 1.2/1.3 in transit, hosted exclusively in secure US facilities on Microsoft Azure infrastructure. Multi-factor authentication is mandatory for internal systems accessing PHI, with role-based access controls following minimum necessary principles.
HIPAA Breach Notification
We immediately notify affected covered entities by phone and in writing upon discovering any improper use or disclosure of PHI. We conduct thorough risk assessments and provide comprehensive incident details to support covered entity notification obligations to HHS, media, and affected individuals.
HIPAA Workforce Training
Every workforce member who may encounter PHI receives comprehensive HIPAA training on commencement of their role, with confidentiality agreements signed upon hiring. All employees complete refresher training every two years, with continuous awareness through security updates and newsletters.
Working with Covered Entities
Before submitting PHI, covered entities must execute a Business Associate Agreement with Stannp and use our secure platform for PHI uploads. If we notify you of a potential breach, you must assess your notification obligations to HHS, media, and affected individuals based on the scope and nature of the incident.
HIPAA Subprocessor Management
We carefully manage all subprocessors who may access PHI, executing Business Associate Agreements and conducting due diligence before engagement. Covered entities may request our current subprocessor list and information about their compliance practices.