HIPAA Compliance

Our commitment to protecting your health information

Our Commitment to HIPAA Compliance

Dermalynx is committed to maintaining the privacy and security of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. This notice describes how medical information about you may be used and disclosed and how you can access this information.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for the protection of sensitive patient health information. HIPAA requires organizations that handle PHI to implement physical, network, and process security measures to ensure compliance.

Our Role as a Business Associate

As a distributor of medical products, Dermalynx may act as a Business Associate under HIPAA when we receive, maintain, or transmit PHI on behalf of our covered entity partners. In this capacity, we:

  • Enter into Business Associate Agreements (BAAs) with covered entities as required
  • Implement appropriate administrative, physical, and technical safeguards
  • Limit use and disclosure of PHI to the minimum necessary
  • Report any security incidents or breaches as required by law
  • Ensure our subcontractors comply with HIPAA requirements

How We Protect Your Information

We employ comprehensive safeguards to protect PHI:

Administrative Safeguards

  • Designated privacy and security officers
  • Workforce training on HIPAA requirements
  • Policies and procedures for handling PHI
  • Regular risk assessments and audits
  • Incident response and breach notification procedures

Physical Safeguards

  • Facility access controls
  • Workstation security measures
  • Device and media controls
  • Secure disposal of PHI

Technical Safeguards

  • Access controls and unique user identification
  • Encryption of PHI in transit and at rest
  • Audit controls and activity logging
  • Automatic logoff and session management
  • Integrity controls for electronic PHI

Uses and Disclosures of PHI

We may use or disclose PHI only as permitted or required by HIPAA, including for:

  • Treatment: To support healthcare providers in delivering care to patients
  • Payment: To process orders and billing for medical products
  • Healthcare Operations: To support quality assessment and improvement activities
  • As Required by Law: When required by federal, state, or local law
  • With Authorization: For other purposes with your written authorization

Your Rights Under HIPAA

You have certain rights regarding your PHI:

  • Right to Access: You may request access to your PHI that we maintain
  • Right to Amend: You may request corrections to your PHI if you believe it is inaccurate
  • Right to an Accounting: You may request a list of certain disclosures of your PHI
  • Right to Request Restrictions: You may request restrictions on how we use or disclose your PHI
  • Right to Confidential Communications: You may request that we communicate with you in a specific manner
  • Right to a Copy of This Notice: You may request a paper copy of this notice at any time

Breach Notification

In the event of a breach of unsecured PHI, we will notify affected individuals, the Department of Health and Human Services (HHS), and, in certain circumstances, the media, as required by the HIPAA Breach Notification Rule. We maintain incident response procedures to promptly identify, contain, and remediate any security incidents.

Business Associate Agreements

Healthcare providers and other covered entities working with Dermalynx may request a Business Associate Agreement (BAA). Our BAAs outline our responsibilities for protecting PHI and comply with HIPAA requirements. Please contact us to request a BAA or discuss HIPAA compliance requirements.

Training and Awareness

All Dermalynx employees who may come into contact with PHI receive comprehensive HIPAA training upon hire and annual refresher training. Our training program covers privacy and security requirements, proper handling of PHI, and incident reporting procedures.

Changes to This Notice

We reserve the right to change this HIPAA notice and make the revised notice effective for PHI we already have as well as any information we receive in the future. We will post the current notice on our website with the effective date.

Contact Our Privacy Officer

If you have questions about this notice or our HIPAA compliance practices, or wish to exercise your rights, please contact our Privacy Officer:

Dermalynx Privacy Officer

Email: privacy@dermalynx.com

You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services if you believe your privacy rights have been violated. We will not retaliate against you for filing a complaint.