HIPAA Compliance

Last updated: July 31, 2025

Fase AI LLC ("Fase AI," "we," "us," or "our"), a product of Olib AI, is committed to maintaining the highest standards of privacy and security for protected health information (PHI). This document outlines our comprehensive HIPAA compliance program and security measures.

Fase AI is fully HIPAA compliant and will sign a Business Associate Agreement (BAA) with all healthcare providers using our services.

Understanding HIPAA Requirements

The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards to protect patients' medical records and other personal health information. As a business associate to healthcare providers, Fase AI adheres to all applicable HIPAA regulations.

Key HIPAA Rules We Follow:

  • Privacy Rule: Protects the privacy of individually identifiable health information
  • Security Rule: Sets standards for the security of electronic PHI (ePHI)
  • Breach Notification Rule: Requires notification of breaches of unsecured PHI
  • Omnibus Rule: Implements additional privacy and security protections

Administrative Safeguards

Security Officer Designation

We have designated a HIPAA Security Officer responsible for:

  • Developing and implementing security policies and procedures
  • Conducting regular risk assessments
  • Managing security incident response
  • Ensuring ongoing compliance with HIPAA regulations

Workforce Training

All Fase AI employees and contractors undergo:

  • Initial HIPAA training upon hiring
  • Annual refresher training on privacy and security
  • Role-specific training for handling PHI
  • Security awareness training including phishing prevention

Access Management

  • Role-based access control (RBAC) implementation
  • Principle of least privilege for all access
  • Regular access reviews and audits
  • Immediate access termination upon employee departure
  • Background checks for all personnel with PHI access

Physical Safeguards

Our infrastructure providers maintain strict physical security controls:

Facility Access Controls

  • 24/7 security personnel
  • Biometric access controls
  • Security cameras and monitoring
  • Visitor logs and escorts

Workstation Security

  • Automatic screen locks
  • Encrypted hard drives
  • Secure disposal procedures
  • Remote wipe capabilities

Device Controls

  • Mobile device management
  • USB port restrictions
  • Asset tracking systems
  • Secure equipment disposal

Environmental Controls

  • Redundant power systems
  • Climate control
  • Fire suppression systems
  • Flood detection

Technical Safeguards

Access Control

  • Unique user identification for each user
  • Strong password requirements and multi-factor authentication (MFA)
  • Automatic logoff after inactivity
  • Encryption of all PHI in transit and at rest
  • Secure API authentication and authorization

Audit Controls

  • Comprehensive logging of all PHI access and modifications
  • Regular review of audit logs
  • Tamper-proof audit trail storage
  • Real-time alerts for suspicious activities
  • Retention of audit logs for minimum 7 years

Integrity Controls

  • Electronic mechanisms to verify data integrity
  • Version control and change tracking
  • Backup verification procedures
  • Error detection and correction mechanisms

Transmission Security

  • TLS 1.3 encryption for all data transmission
  • End-to-end encryption for sensitive communications
  • VPN requirements for remote access
  • Secure file transfer protocols

Encryption Standards

Our Encryption Implementation

Data at Rest:

  • AES-256 encryption for all stored PHI
  • Encrypted database fields for sensitive data
  • Encrypted backup storage
  • Full disk encryption on all servers

Data in Transit:

  • TLS 1.3 for all API communications
  • Certificate pinning for mobile applications
  • Encrypted WebSocket connections
  • HSTS (HTTP Strict Transport Security) enforcement

Key Management:

  • Hardware Security Module (HSM) for key storage
  • Regular key rotation procedures
  • Secure key escrow and recovery
  • Separation of encryption keys from data

Risk Management Program

Our comprehensive risk management program includes:

Risk Assessment Process

  • Annual comprehensive risk assessments
  • Vulnerability scanning and penetration testing
  • Third-party security audits
  • Continuous monitoring and threat detection
  • Risk mitigation planning and implementation

Incident Response and Breach Notification

In the event of a security incident or potential breach:

Immediate Response Protocol

  1. Contain the incident and prevent further exposure
  2. Assess the scope and impact of the incident
  3. Document all findings and actions taken
  4. Notify affected parties within required timeframes:
    • Covered entities: Without unreasonable delay (max 60 days)
    • Individuals: Within 60 days if breach affects 500+ people
    • HHS: Within 60 days of discovery
    • Media: For breaches affecting 500+ in a single state
  5. Conduct root cause analysis
  6. Implement corrective actions
  7. Update security measures to prevent recurrence

Business Associate Agreement (BAA)

Fase AI will execute a Business Associate Agreement with all covered entities using our services. Our standard BAA includes:

BAA Key Provisions

  • Permitted uses and disclosures of PHI
  • Safeguard requirements and security standards
  • Breach notification procedures and timelines
  • Subcontractor requirements and flow-down provisions
  • Right to audit and inspection
  • Data return and destruction requirements
  • Indemnification and liability provisions

To request a BAA or discuss specific compliance requirements, please contact our legal team at legal@fase.ai.

Compliance Certifications and Audits

Regular Audits

  • Annual HIPAA compliance audits
  • Quarterly vulnerability assessments
  • Monthly security reviews
  • Continuous compliance monitoring

Infrastructure Compliance

  • ISO 27001 certified infrastructure
  • PCI DSS compliant payment processing
  • NIST framework alignment

Supporting Patient Rights

Fase AI helps healthcare providers fulfill their obligations under HIPAA regarding patient rights:

  • Right to Access: Patients can request copies of their health information
  • Right to Amend: Patients can request corrections to their health information
  • Right to an Accounting: Patients can request a list of disclosures
  • Right to Restrict: Patients can request limitations on uses and disclosures
  • Right to Confidential Communications: Patients can request alternative communication methods

HIPAA Compliance Contact

For questions about our HIPAA compliance program, to report a concern, or to request a Business Associate Agreement:

HIPAA Security Officer: compliance@fase.ai

Company: Fase AI LLC (a product of Olib AI)

Legal Email: legal@fase.ai

Phone: 980-332-7387

Address: Stone Mountain, GA

Security Incident Reporting: If you suspect a security incident or breach involving PHI, please contact us immediately at security@fase.ai or call our 24/7 security hotline.

Our Commitment

Fase AI is committed to maintaining the highest standards of HIPAA compliance. We continuously monitor regulatory changes, update our security measures, and invest in the latest technologies to ensure the protection of PHI entrusted to our platform.