At Pleiades, we take the privacy and security of your health information extremely seriously. Our platform is designed and built to be fully compliant with the Health Insurance Portability and Accountability Act (HIPAA), the federal law that sets the standard for protecting sensitive patient data.
What is HIPAA?
HIPAA (Health Insurance Portability and Accountability Act) is a federal law enacted in 1996 that protects sensitive patient health information from being disclosed without the patient's consent or knowledge. The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal health information.
Our HIPAA Compliance Measures
Comprehensive Risk Assessment
We conduct regular risk assessments of our entire platform to identify and address potential vulnerabilities. This includes:
- Systematic evaluation of technical safeguards
- Review of administrative procedures
- Analysis of physical security measures
- Third-party security audits and penetration testing
Technical Safeguards
Our platform incorporates robust technical safeguards to protect your health information:
- End-to-end encryption for all communications
- Secure transmission of data using TLS 1.2 or higher
- Encryption of data at rest using AES-256
- Role-based access controls
- Automatic session timeouts
- Audit logging of all system activities
- Secure backup procedures
Administrative Safeguards
We maintain strict administrative policies and procedures:
- Comprehensive privacy and security policies
- Regular staff training on HIPAA requirements
- Background checks for all employees
- Formal incident response procedures
- Regular compliance audits
- Designated Privacy and Security Officers
Physical Safeguards
Our physical infrastructure is secured through:
- Hosting in HIPAA-compliant data centers
- Physical access restrictions to server facilities
- Environmental controls and monitoring
- Secure disposal of hardware and media
Business Associate Agreements
We maintain Business Associate Agreements (BAAs) with all service providers who may have access to protected health information (PHI). These legally binding contracts ensure that our partners maintain the same high standards of privacy and security that we do.
Your Rights Under HIPAA
As a Pleiades user, you have several rights regarding your health information:
- Right to Access: You can request and receive a copy of your health records
- Right to Amend: You can request corrections to your information if you believe it's incorrect
- Right to an Accounting of Disclosures: You can request a list of times we've shared your health information
- Right to Request Restrictions: You can ask us to limit the information we share
- Right to Request Confidential Communications: You can ask us to contact you in a specific way
To exercise any of these rights, please contact our Privacy Officer at support@pleiadesmh.com.
Breach Notification
In the unlikely event of a breach of unsecured protected health information, we have procedures in place to:
- Promptly identify and investigate the breach
- Notify affected individuals without unreasonable delay (no later than 60 days following discovery)
- Notify the Department of Health and Human Services
- Notify media outlets if the breach affects more than 500 individuals
- Take steps to mitigate harm and prevent future breaches
HIPAA Training for Therapists
All therapists on the Pleiades platform receive training on their HIPAA responsibilities, including:
- Proper handling of protected health information
- Using the platform's security features correctly
- Understanding restrictions on sharing information
- Recognizing and reporting potential security incidents
Questions About HIPAA Compliance
If you have any questions about our HIPAA compliance measures or your rights under HIPAA, please contact our Privacy Officer at support@pleiadesmh.com.