HIPAA COMPLIANCE

Our commitment to protecting your health information

🛡️

HIPAA Compliant Since 2020

True Arete maintains full compliance with the Health Insurance Portability and Accountability Act

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for the protection of sensitive patient health information. As a provider of genetic testing and health-related services, True Arete is committed to maintaining the highest standards of privacy and security for your health information.

Protected Health Information (PHI)

What We Consider PHI

At True Arete, Protected Health Information includes:

Genetic test results and analysis
Medical history and health questionnaires
Biomechanical assessment data
Performance protocols tailored to health conditions
Any information that could identify you combined with health data

How We Protect PHI

ADMINISTRATIVE SAFEGUARDS

Regular employee training on HIPAA compliance
Access controls limiting PHI to authorized personnel
Business Associate Agreements with all vendors
Incident response procedures

PHYSICAL SAFEGUARDS

Secure facilities with controlled access
Locked storage for physical records
Secure disposal procedures
Equipment access controls

TECHNICAL SAFEGUARDS

256-bit encryption at rest and in transit
Multi-factor authentication
Automatic logoff procedures
Audit logs and monitoring

Your HIPAA Rights

Right to Access

You have the right to inspect and obtain a copy of your health information. We will provide this within 30 days of your request.

Right to Amend

You may request corrections to your health information if you believe it is incorrect or incomplete.

Right to Accounting

You can request a list of disclosures we have made of your health information for purposes other than treatment, payment, or operations.

Right to Restrict

You may request restrictions on how we use or disclose your health information, though we are not always required to agree.

Right to Confidential Communications

You can request that we communicate with you about health matters in a specific way or at a specific location.

Right to Notice

You have the right to receive a copy of our Notice of Privacy Practices, which details how we protect your information.

Breach Notification

In the unlikely event of a breach affecting your Protected Health Information:

You will be notified within 60 days of discovery
We will provide details about what information was involved
We will explain steps you can take to protect yourself
We will describe our response and prevention measures

Business Associates

All third-party vendors who may access PHI are required to:

Sign Business Associate Agreements (BAAs)
Maintain HIPAA compliance in their operations
Report any security incidents immediately
Allow audits of their security practices

Key Partners with BAAsGenetic sequencing laboratories
Cloud storage providers
Data analysis platforms
Communication services

Compliance Audits

True Arete undergoes regular compliance audits:

Annual third-party HIPAA compliance assessment
Quarterly internal security reviews
Monthly access log audits
Ongoing vulnerability scanning

Employee Training

All True Arete employees who handle PHI receive:

Initial HIPAA training upon hiring
Annual refresher training
Role-specific privacy training
Incident response training

Questions or Complaints

HIPAA Privacy Officer

Dr. Sarah Chen
Email: privacy@truearete.com
Phone: +1 (415) 555-0197
Secure Fax: +1 (415) 555-0196

File a Complaint

You may file a complaint with us or with the Secretary of Health and Human Services if you believe your privacy rights have been violated. We will not retaliate against you for filing a complaint.

Certifications & Compliance

HIPAA COMPLIANT

Full administrative, physical, and technical safeguards

SOC 2 TYPE II

Audited security controls and procedures

ISO 27001

Information security management certification