HIPAA Compliance

Learn about our comprehensive HIPAA safeguards and security measures designed to protect healthcare data.

Effective date: October 26, 2025

This page summarizes how Erxis approaches HIPAA compliance for our product and website. While the marketing site does not store Protected Health Information (PHI), the Erxis platform is designed with safeguards aligned to HIPAA requirements.

1) Scope

  • Website (erxis.net): Marketing content, demo and contact forms. No PHI should be entered here.
  • Product (app.erxis.net): Where PHI may be processed under a Business Associate Agreement (BAA).

2) Administrative safeguards

  • Access management: Role‑based access control (RBAC) with least‑privilege principles
  • Workforce training: Security and privacy awareness for team members with access to systems
  • Vendor management: Due diligence and DPAs/BAAs as appropriate
  • Incident response: Defined process for detection, triage, response, and notification

3) Physical safeguards

  • Cloud infrastructure with certified data centers
  • Segregated environments (production, staging) and controlled access
  • Encrypted off‑site backups with access logging

4) Technical safeguards

  • Encryption in transit (TLS 1.2 or later) and at rest (AES‑256)
  • Audit logs for data access and administrative actions
  • Secure sharing: Time‑bound, revocable links for invoices and prescriptions, with optional password protection
  • Authentication: Enforced password policies; multi‑factor authentication is on the roadmap and not yet available
  • Data minimization and retention controls

5) Policies and procedures

  • Security policy, access control policy, change management, and vulnerability management
  • Regular review of controls and periodic risk assessments

6) Business Associate Agreements (BAA)

We execute BAAs with covered entities and downstream processors where applicable. Contact us to request a BAA.

7) Patient rights and data requests

For product data requests related to PHI, please contact your provider or the clinic operating the Erxis instance. For website data requests, email legal@erxis.net.

8) Responsible use of the website

Do not submit PHI via public contact or demo forms. Use the product's secure channels for patient information.

9) Contact

Security and compliance inquiries: legal@erxis.net