HIPAA Compliance
How Skin Type Solutions PRO protects patient health information and ensures compliance with HIPAA regulations.
At Skin Type Solutions, we understand the critical importance of protecting patient health information. Our platform is built from the ground up with HIPAA compliance as a core principle.
Key Commitments:
- Maintaining physical, technical, and administrative safeguards
- Regular security assessments and updates
- Employee training on HIPAA requirements
- Incident response and breach notification procedures
- Business Associate Agreements (BAAs) with all subcontractors
We implement comprehensive technical safeguards to protect electronic Protected Health Information (ePHI) stored or transmitted through our platform:
Access Control
- Unique user identification
- Automatic logoff after inactivity
- Encryption and decryption
- Role-based access controls
Data Protection
- 256-bit AES encryption at rest
- TLS 1.3 encryption in transit
- Secure data backup procedures
- Data integrity controls
Audit Controls
- Comprehensive audit logs
- Activity monitoring
- Login attempt tracking
- Data access logging
Network Security
- Firewall protection
- Intrusion detection systems
- Regular vulnerability scanning
- Secure API endpoints
Our infrastructure providers maintain strict physical security controls:
- SOC 2 Type II certified data centers
- 24/7 security monitoring and surveillance
- Biometric access controls
- Environmental controls (fire suppression, climate control)
- Secure disposal of hardware and media
We maintain comprehensive administrative safeguards to ensure proper handling of PHI:
Security Officer
Designated HIPAA Security Officer responsible for developing and implementing security policies and procedures.
Workforce Training
Regular HIPAA training for all employees with access to PHI, including annual refresher courses.
Access Management
Procedures for authorizing and modifying access to ePHI based on role and minimum necessary standards.
Risk Assessments
Regular risk assessments to identify and address potential vulnerabilities in our security infrastructure.
Our BAA includes:
- Clear definition of permitted uses and disclosures of PHI
- Safeguard requirements for protecting PHI
- Breach notification procedures
- Subcontractor management provisions
- Return or destruction of PHI upon termination
To request a BAA, please contact our compliance team atcompliance@skintypesolutions.com
While we provide HIPAA-compliant infrastructure, healthcare providers using our platform also have responsibilities:
- Obtain patient consent for electronic communications when required
- Implement appropriate administrative, physical, and technical safeguards in your practice
- Train your staff on proper handling of PHI
- Use strong, unique passwords and enable two-factor authentication
- Report any suspected security incidents immediately
- Ensure minimum necessary access for all users
- Maintain your own HIPAA compliance program
In the unlikely event of a breach involving PHI, we have established procedures to ensure prompt notification and appropriate response:
Breach Response Timeline:
- Immediate: Contain the breach and assess scope
- Within 24 hours: Begin investigation and documentation
- Within 60 days: Notify affected covered entities
- Ongoing: Provide updates and support remediation efforts
To report a suspected breach or security incident, contact our security team immediately at:security@skintypesolutions.com
We maintain an ongoing commitment to HIPAA compliance through:
Annual Risk Assessments
Comprehensive evaluation of security measures
Third-Party Audits
Independent security assessments
Penetration Testing
Regular security vulnerability testing
Policy Updates
Continuous improvement of security policies