HIPAA Compliance
Last Updated: February 2026
HIPAA-Ready Architecture
Claire is built to meet HIPAA requirements for handling Protected Health Information (PHI).
Our Commitment to Healthcare Compliance
Claire is designed from the ground up to support healthcare organizations in maintaining HIPAA compliance when orchestrating patient workflows. We understand that healthcare data is sensitive and protected under federal law, and we've built our platform accordingly.
HIPAA Safeguards
Administrative Safeguards
- Designated Privacy and Security Officers
- Workforce training and management on HIPAA requirements
- Regular risk assessments and security reviews
- Incident response and breach notification procedures
- Business Associate Agreement (BAA) available. Subprocessor relationships disclosed.
Physical Safeguards
- Secure data centers with controlled physical access
- Workstation security policies and procedures
- Device and media controls for data disposal
- Facility access controls and monitoring
Technical Safeguards
- Encryption of PHI at rest and in transit (AES-256)
- Unique user identification and authentication
- Audit controls and activity logging
- Automatic logoff after inactivity periods
- Transmission security protocols (TLS 1.3)
- Access controls and authorization management
Business Associate Agreements
Claire operates as a Business Associate under HIPAA. We execute Business Associate Agreements (BAAs) with all covered entities and healthcare organizations using our platform to orchestrate workflows involving PHI.
BAA Requirements
If your organization handles PHI and requires a signed BAA before deployment, please contact us at info@the-algo.com to execute the agreement.
Data Handling Practices
- Minimum Necessary Standard: Claire processes only the PHI necessary to accomplish the intended workflow orchestration purpose
- Use and Disclosure Limitations: PHI is used and disclosed only as permitted by the BAA and HIPAA regulations
- Subcontractor Management: All subcontractors handling PHI execute BAAs and meet HIPAA requirements
- Data Retention: PHI retention periods follow HIPAA requirements and organization-specific policies
- Breach Notification: Procedures in place to identify, investigate, and report breaches within required timeframes
Patient Rights
Claire supports healthcare organizations in honoring patient rights under HIPAA, including:
- Right to access their health information
- Right to request amendments to their health records
- Right to an accounting of disclosures
- Right to request restrictions on uses and disclosures
- Right to confidential communications
Ongoing Compliance
HIPAA compliance is not a one-time achievement but an ongoing commitment. We continuously:
- Monitor for security vulnerabilities and threats
- Update policies and procedures based on regulatory changes
- Conduct regular security assessments and audits
- Train personnel on privacy and security requirements
- Review and update our compliance program
Questions About HIPAA Compliance?
If you have questions about how Claire maintains HIPAA compliance or need to discuss specific requirements for your healthcare organization, please contact our compliance team at info@the-algo.com.