Vora
Next-Gen Lab Management
Back to Home

HIPAA Compliance

Last Updated: April 27, 2023

HIPAA Compliance Statement

Vora is committed to ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA) for users who handle Protected Health Information (PHI). This page outlines our approach to HIPAA compliance and the measures we take to protect PHI.

Business Associate Agreement

For customers who are Covered Entities under HIPAA and use our platform to store, process, or transmit PHI, we offer a Business Associate Agreement (BAA). This agreement establishes the permitted and required uses and disclosures of PHI by Vora, provides for safeguarding PHI, and outlines obligations in case of a data breach.

To request a BAA, please contact us at contact@voralab.app.

Security Measures

We implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI, including:

  • Encryption: All PHI is encrypted both in transit and at rest using industry-standard encryption protocols.
  • Access Controls: We implement role-based access controls to ensure that only authorized personnel have access to PHI.
  • Audit Logging: We maintain detailed audit logs of all activities related to PHI.
  • Risk Assessment: We conduct regular risk assessments to identify and address potential vulnerabilities.
  • Employee Training: All employees receive regular training on HIPAA compliance and security best practices.
  • Incident Response: We have a comprehensive incident response plan in place to address any potential security incidents.

Data Breach Notification

In the event of a breach of unsecured PHI, we will notify affected customers without unreasonable delay and in no case later than 60 calendar days after discovery of the breach. The notification will include, to the extent possible:

  • A description of the breach
  • A description of the types of information involved in the breach
  • Steps individuals should take to protect themselves from potential harm
  • A brief description of what we are doing to investigate the breach, mitigate harm, and prevent future breaches
  • Contact procedures for individuals to ask questions or learn additional information

Your Responsibilities

While we provide a HIPAA-compliant platform, customers who are Covered Entities or Business Associates are responsible for:

  • Ensuring they have appropriate BAAs in place with Vora
  • Using the platform in a manner consistent with HIPAA requirements
  • Properly configuring access controls and permissions within their account
  • Training their staff on proper handling of PHI
  • Reporting any suspected or confirmed breaches to Vora promptly

Contact Us

If you have any questions about our HIPAA compliance or need to report a security incident, please contact our Privacy Officer at contact@voralab.app.