HIPAA Compliance

NyxPulse is designed to support healthcare organizations while maintaining strict HIPAA compliance.

HIPAA-Ready Platform

Data Encryption

All data in transit uses TLS 1.2+. Protected health information at rest is AES-256 encrypted.

Access Controls

Role-based access, multi-factor authentication, and audit logging of all data access.

Business Associate Agreement

We sign BAAs with covered entities and business associates as required by HIPAA.

Breach Notification

Immediate notification protocol in case of unauthorized access or data breach.

Overview

NyxPulse is built to support healthcare organizations with strict HIPAA compliance requirements. We maintain administrative, physical, and technical safeguards appropriate for handling Protected Health Information (PHI).

Administrative Safeguards

  • Designated privacy and security officers
  • Regular workforce training on HIPAA obligations
  • Policies and procedures for PHI handling
  • Authorization and access management
  • Regular risk assessments and compliance audits

Physical Safeguards

  • Secure data centers with restricted access
  • Environmental controls (fire suppression, temperature monitoring)
  • Surveillance and intrusion detection systems
  • Workstation security and device controls

Technical Safeguards

  • Encryption: AES-256 for data at rest, TLS 1.2+ for data in transit
  • Authentication: Multi-factor authentication, strong password policies
  • Audit Controls: Comprehensive logging of access, modifications, and deletions
  • Access Controls: Role-based permissions, principle of least privilege
  • Integrity Controls: Data validation and checksums

Business Associate Agreement (BAA)

If you are a HIPAA-covered entity or business associate, we require execution of a Business Associate Agreement before you process any Protected Health Information through our platform. The BAA specifies:

  • Permitted uses and disclosures of PHI
  • Security and privacy requirements
  • Breach notification obligations
  • Permitted subcontractors and their obligations
  • Right to audit and inspect compliance

To request a BAA template, contact hipaa@nyxpulse.com.

Breach Notification

In the unlikely event of a confirmed breach of unsecured PHI, we will:

  1. Notify you without unreasonable delay (generally within 24 hours)
  2. Provide information about the breach, individuals affected, and mitigation steps
  3. Cooperate with your breach notification obligations to individuals and regulators
  4. Retain evidence for regulatory review

Subcontractors

We may use subcontractors to process PHI. All subcontractors are contractually bound to the same privacy and security obligations as NyxPulse. Current subcontractors:

  • Stripe (payment processing) — PCI-DSS compliant
  • Clerk (authentication) — SOC 2 Type II certified
  • Vercel (hosting) — SOC 2 Type II, ISO 27001 certified

Compliance Audits & Assessments

We conduct regular security audits and penetration testing. We are happy to provide:

  • Evidence of compliance (audit reports, certifications)
  • Right to conduct audits and inspections (as specified in BAA)
  • Copies of security and privacy policies

State Privacy Laws

We also comply with state-level privacy laws including CCPA (California), CPA (Colorado), and similar regulations. We respect user rights regarding data access, deletion, and opt-out.

Contact & Support

For HIPAA compliance questions, audit requests, or to initiate a BAA:

NyxCollective LLC

HIPAA Privacy Officer: privacy@nyxpulse.com

HIPAA Security Officer: security@nyxpulse.com

Phone: (623) 806-4918