Business Associate
Agreement (BAA)
How is LuxSci HIPAA compliant?
LuxSci has achieved the HITRUST CSF certification for its services. The HITRUST CSF certification is considered to be the “gold standard” for a compliance framework in the healthcare information industry. It is the most comprehensive and most widely applied security framework in the U.S. healthcare system today and the best possible third-party attestation that an organization’s services are really HIPAA compliant.
There are a few specific LuxSci services that are not GDPR compliant, as they are provided through arrangements with third-party vendors that are specifically focused on HIPAA compliance and US customers. These services include: SecureVideo and SecureChat. They are not available for use by organizations in the EU.
Furthermore, LuxSci performs:
- Yearly internal HIPAA review
- Yearly external HIPAA review (HITRUST)
- Yearly internal risk analysis
- Yearly risk analysis of all of the services it provides
- Yearly risk analysis of vendors and partners
- Yearly penetration tests
- Weekly external and internal network and vulnerability scans of all servers
- Frequent external vulnerability scans of luxsci.com from by 2 different vendors
- Continuous internal staff training on security and HIPAA
- … and much, much more
LuxSci Business Associate Agreement
Customers with HIPAA accounts must read, agree to, sign, and return LuxSci’s HIPAA Business Associate Agreement and can then use LuxSci HIPAA Eligible Services in conjunction with PHI. Customers with HIPAA accounts can read this agreement and fill out the form to signify their agreement to these terms of service and to include their written signature, captured using LuxSci’s Secure Form Ink Signature technology.
Who should sign? To ensure HIPAA compliance, an officer of your organization with legal right to enter into a HIPAA Business Associate Agreement should be the one to sign. If you have someone without sufficient authority sign (a Webmaster, for instance) the agreement, then it’s possible you’re failing to properly meet your obligations under HIPAA.
Can I modify the BAA? LuxSci does not generally accept customer-suggested modifications to its HIPAA BAA nor does LuxSci sign customer-provided BAAs. For customers with a strong need who are purchasing an Enterprise level of service, we can negotiate the BAA. LuxSci ensures that the spirit of its BAA is consistent across all customers so that LuxSci can consistently abide by the terms of the BAA without needing to refer to many various contracts for every situation that may arise.