HIPAA Compliance

Last updated: April 2026

1. HIPAA Overview

RT Hub is committed to maintaining the privacy, security, and integrity of Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. When you use RT Hub for healthcare-related activities, we ensure that health information is protected with the same rigor as traditional healthcare providers.

2. Business Associate Agreement (BAA)

RT Hub maintains a Business Associate Agreement (BAA) with covered entities and business associates as required by HIPAA. This agreement outlines:

  • Permitted uses and disclosures of PHI
  • Safeguards for protecting PHI
  • Subcontractor obligations
  • Breach notification procedures
  • Audit and compliance obligations

To request a BAA or for questions, contact: hipaa@axifi.ai

3. Privacy Rule Compliance

RT Hub implements controls to ensure compliance with the HIPAA Privacy Rule:

  • PHI Access Controls: Role-based access control (RBAC) ensures only authorized personnel access PHI
  • Minimum Necessary: Employees access only the minimum PHI necessary to perform their job functions
  • User Authentication: Multi-factor authentication (MFA) required for all access to PHI
  • Audit Controls: Comprehensive audit logs track all PHI access and modifications
  • De-identification: We remove or encrypt identifiers to create de-identified datasets for research and analytics
  • Patient Rights: Patients can request access to, amendment of, and deletion of their PHI

4. Security Rule Compliance

RT Hub maintains comprehensive technical and organizational safeguards for PHI security:

  • Encryption in Transit: TLS 1.3+ for all data transmission
  • Encryption at Rest: AES-256 encryption for all stored PHI
  • Access Controls: Role-based access control with the principle of least privilege
  • Integrity Controls: Cryptographic checksums verify data integrity
  • Authentication: MFA for all administrative and clinical staff
  • Transmission Security: Secure file transfer protocols for exchanging PHI
  • Backup and Recovery: Regular encrypted backups with tested recovery procedures

5. Breach Notification

In the event of a confirmed breach of unsecured PHI, RT Hub will:

  • Notify affected individuals without unreasonable delay, typically within 24 hours
  • Provide notification to covered entities and business associates within 24 hours
  • Include notification to prominent media outlets for large-scale breaches
  • Document breach details including extent of PHI involved and mitigation steps taken
  • Cooperate with OCR investigations and regulatory requirements

6. Administrative Safeguards

RT Hub maintains robust administrative controls including:

  • Workforce Security: Documented policies for authorization, supervision, and termination
  • Training & Awareness: Annual HIPAA training for all employees handling PHI
  • Security Management: Chief Information Security Officer and HIPAA compliance officer
  • Risk Assessment: Annual security risk assessments and vulnerability testing
  • Incident Response: 24/7 monitoring with documented incident response procedures
  • Business Continuity: Disaster recovery plan with tested backup systems

7. Telehealth Specific Compliance

For telehealth consultations, RT Hub ensures:

  • End-to-end encryption of video and audio
  • No recording without explicit patient consent
  • Secure transmission of any medical records or test results
  • HIPAA-compliant session logging and audit trails
  • Proper patient authentication and identity verification
  • Prescriptions transmitted securely via encrypted channels

8. Certification & Audit

RT Hub maintains the following certifications and undergoes regular audits:

  • SOC 2 Type II Audit - Annual independent audit of security controls
  • HIPAA Compliance Attestation - Annual attestation of HIPAA compliance
  • Penetration Testing - Quarterly third-party security assessments
  • Risk Assessments - Annual comprehensive security risk assessments
  • Vulnerability Scanning - Continuous automated vulnerability scanning

9. Patient Rights

RT Hub respects and facilitates the following HIPAA patient rights:

  • Right to Access: Obtain a copy of PHI in electronic format
  • Right to Amendment: Request correction of inaccurate or incomplete PHI
  • Right to Accounting: Request a list of disclosures of PHI
  • Right to Confidential Communication: Request alternative means of communication
  • Right to Restrict Use: Request restrictions on uses and disclosures
  • Right to Opt-Out: Opt out of certain communications
  • Right to File Complaint: File a complaint with HHS Office for Civil Rights

10. Contact & Complaints

For HIPAA compliance questions or to file a complaint:

RT Hub HIPAA Compliance Officer
Email: hipaa@rthub.io
Phone: +1 (555) 123-4567

HHS Office for Civil Rights
To file a complaint with HHS OCR, visit: https://www.hhs.gov/hipaa/filing-a-complaint/
