HIPAA Compliance Statement

Dialisa, Inc. (DIALISA) is committed to and has implemented robust information and security technology to ensure its devices, services, websites and data systems (collectively “Products”) are compliant with the regulations and conditions set forth in the Health Insurance Portability and Availability Act of 1996 (HIPAA). DIALISA is committed to continuous improvement to ensure DIALISA Products incorporate reliable and proven technology privacy and security measures.

As a “Business Associate” per the definition in the HIPAA Act, and by assignment of the HIPAA covered entity, DIALISA is subject to the following controls:

Administrative Safeguards (HIPAA 164.308). DIALISA has implemented policies to ensure appropriate assignment of data access permissions and proper movement and handling of that data. HIPAA training is required for all staff, as well as annual review of policy effectiveness during internal or 3rd party auditing of our Products.

Physical Safeguards (HIPAA 164.310). DIALISA’s primary physical safeguard is to not retain sensitive data in any public or private DIALISA location other than those assigned for database management and quality assurance activities. Specific workstation usage, disposal, reuse and security measures are in place. Access to DIALISA facilities are all independently controlled via token access preventing walk-up intrusion. DIALISA’s data center uses a cloud-based architecture with inherent security measures including 24 hours monitoring, advanced fire protection systems, uninterruptible power and database redundancy. Annual audit of the facility security plan, disaster recovery plan, and contingency plans are in place.

Technical Safeguards (HIPAA 164.312). To further protect sensitive data, DIALISA enforces unique software architecture that includes user identifications, various database audit logging, data integrity systems and verified backups, authentication, digital certificates, various levels of encryption to further obscure protective data from threats.