HIPAA Compliance

Curely AI is committed to maintaining the privacy and security of Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).

We act as a Business Associate to our healthcare clients (Covered Entities). We require a signed Business Associate Agreement (BAA) before any PHI is processed or stored on our platform. Our BAA clearly defines our obligations regarding the safeguarding of PHI.

Curely AI complies with the HIPAA Security Rule by implementing rigorous administrative, physical, and technical safeguards. This includes encryption of data at rest (AES-256) and in transit (TLS 1.3), strict role-based access controls, and comprehensive audit logging.

We only use or disclose PHI as permitted by our BAA and the HIPAA Privacy Rule. We do not sell PHI or use it for unauthorized marketing purposes. We ensure that our employees are trained on HIPAA privacy requirements and adhere strictly to the principle of "minimum necessary" access.

In the event of a security incident that compromises PHI, Curely AI complies fully with the HIPAA Breach Notification Rule. We will promptly notify affected Covered Entities to allow them to meet their notification obligations to patients and the Department of Health and Human Services.

We undergo regular third-party audits to verify our adherence to HIPAA standards and our BAA obligations. In addition to HIPAA compliance, we maintain SOC 2 Type II and HITRUST certifications to demonstrate our ongoing commitment to healthcare data security.