Justransform
Request access
Trust & compliance

HIPAA readiness

Supporting covered entities and business associates who process protected health information (PHI) on the Justransform platform.

HIPAA compliance is a shared responsibility between you and your vendors. This page describes how we typically support regulated workloads. It does not constitute legal advice; confirm your use cases with counsel and execute a Business Associate Agreement (BAA) where required.

When a BAA is required

If you are a covered entity or business associate under HIPAA and you create, receive, maintain, or transmit PHI through our services, you will generally need a BAA with Justransform before putting PHI into production environments.

What we provide

  • A standardized Business Associate Agreement that allocates responsibilities for safeguarding PHI in line with the HIPAA Security and Breach Notification Rules, subject to legal review on both sides;
  • Administrative and technical safeguards appropriate to a cloud integration platform — access controls, encryption in transit, logging and monitoring, subprocessors governed by written agreements, and documented incident response procedures;
  • Assurance artifacts such as SOC 2 Type II (where available) to complement HIPAA due diligence — see SOC 2 Type II.

Your responsibilities

You are responsible for:

  • Configuring integrations so PHI is minimized, encrypted, and accessed only by authorized workforce members;
  • Maintaining accurate BA relationships downstream (e.g. with your trading partners or subprocessors);
  • Conducting your own risk analysis and workforce training;
  • Notifying us without undue delay if you suspect unauthorized access to PHI in the services.

Next steps

To discuss HIPAA alignment or request a BAA template, contact us through Request access and reference HIPAA / BAA in your submission.

Begin

Discuss HIPAA alignment or a BAA.

Request accessSOC 2 Type II