Legal · HIPAA
HIPAA Compliance
AccessBio operates HIPAA-compliant infrastructure for all member data originating from US partner clinics. Equivalent regional standards (GDPR, LGPD, PIPEDA) apply in other jurisdictions.
Covered data
All Protected Health Information (PHI) collected, processed or stored on behalf of US members is handled in accordance with the HIPAA Privacy and Security Rules.
Business associate agreements
AccessBio maintains BAAs with every vendor that touches PHI. A current list is available to members on request via the dashboard.
Breach response
In the event of a confirmed breach, affected members are notified within 60 days and supported, at no cost, with identity-protection measures.