HIPAA Compliance

Security and compliance built into every aspect of Stillwyn

Built to be fully HIPAA compliant and secure by design

Our HIPAA Commitment

Stillwyn takes the privacy and security of Protected Health Information (PHI) seriously. We have implemented comprehensive administrative, physical, and technical safeguards to ensure full HIPAA compliance. Every feature is designed with privacy and security as the foundation.

Technical Safeguards

Encryption

256-bit AES encryption at rest and TLS 1.3 in transit

Audit Logs

Complete audit trail of all PHI access and modifications

Infrastructure

HIPAA-compliant cloud infrastructure with redundancy

Access Control

Role-based permissions with multi-factor authentication

Administrative Safeguards

  • Regular HIPAA training for all employees
  • Strict access controls and role-based permissions
  • Background checks for all staff with PHI access
  • Documented incident response procedures
  • Regular risk assessments and vulnerability testing
  • Workforce clearance procedures
  • Termination procedures to revoke access immediately

Physical Safeguards

  • Secure data centers with 24/7 monitoring
  • Biometric access controls to server facilities
  • Redundant power and environmental controls
  • Secure disposal and sanitization of hardware
  • Device and media controls

Business Associate Agreement (BAA)

We sign BAAs with all customers and with our subcontractors who may have access to PHI. Our standard BAA includes:

  • Clear definitions of permitted uses of PHI
  • Requirements for safeguarding PHI
  • Breach notification procedures within 60 days
  • Terms for return or destruction of PHI
  • Subcontractor compliance requirements

Third-Party Audits & Certifications

  • Annual security audits
  • Quarterly penetration testing
  • Continuous vulnerability scanning
  • HIPAA compliance assessments
  • Security awareness training certifications

Data Breach Response

In the unlikely event of a data breach, we will:

  • Notify affected parties within 60 days as required by HIPAA
  • Provide detailed information about the breach and affected data
  • Offer credit monitoring services if appropriate
  • Cooperate with OCR investigations
  • Implement measures to prevent future breaches
  • Document all breach response activities

Minimum Necessary Standard

We adhere to HIPAA's minimum necessary standard, ensuring that only the minimum amount of PHI necessary to accomplish the intended purpose is used, disclosed, or requested.

Questions About HIPAA Compliance?

For questions about our HIPAA compliance or to request a copy of our BAA:

Privacy Officer: hipaa@stillwyn.com

General inquiries: founders@stillwyn.com