HIPAA Compliance

eMID Global meets HIPAA (Health Insurance Portability and Accountability Act) requirements for handling Protected Health Information (PHI). We implement administrative, physical, and technical safeguards required by the HIPAA Security Rule.

Administrative Safeguards

• Designated security officer overseeing all HIPAA activities
• Annual workforce training on PHI handling
• Access management policies — least privilege principle
• Regular risk assessments and audits
• Incident response procedures

Physical Safeguards

• SOC 2 Type II certified data centers
• Biometric-controlled access
• 24/7 video surveillance
• Secure disposal of decommissioned hardware

Technical Safeguards

• AES-256 encryption at rest, TLS 1.3 in transit
• Audit logs for all PHI access
• Automatic session timeouts
• Multi-factor authentication for admin access
• Encrypted database backups

Business Associate Agreements (BAA)

For healthcare partners — hospitals, clinics, EMS — we provide signed Business Associate Agreements as part of our partnership process. Contact our partnerships team to discuss BAA arrangements.

Patient Rights

As part of HIPAA, you have the right to access, amend, and request an accounting of disclosures of your PHI. All these rights can be exercised from your account settings or by contacting privacy@emid.global.