HIPAA Compliance
HIPAA COMPLIANCE OVERVIEW
Company: Hera Fertility
Date: April 3, 2025
Contact: Thiv Paramsother – thiv@herafertility.co
Introduction
Hera Fertility is committed to maintaining the privacy and security of our users' Protected Health Information (PHI). As a digital health company offering at-home semen testing, fertility coaching, and virtual care, we adhere strictly to the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.
Key Compliance Areas
1. Privacy Rule Compliance
- Only the minimum necessary PHI is collected, used, and disclosed.
- We maintain a Notice of Privacy Practices (NPP) to inform users about how their data is used and their rights under HIPAA.
- Access to PHI is restricted based on role-based permissions (care team, lab personnel, etc.).
2. Security Rule Compliance
- PHI is stored and transmitted using end-to-end encryption (AES-256).
- Access to PHI is controlled via multi-factor authentication and audit logs.
- Our systems are hosted on HIPAA-compliant infrastructure (e.g., AWS, Google Cloud).
3. Breach Notification Rule
- In the event of a data breach involving PHI, Hera will notify affected individuals and the U.S. Department of Health & Human Services (HHS) in accordance with HIPAA's breach notification timelines.
Business Associate Agreements (BAAs)
Hera Fertility maintains signed BAAs with all third-party vendors who may access PHI, including:
- CLIA-certified laboratories
- Telehealth platforms
- Cloud service providers
- Payment processors (if applicable)
Patient Rights & Access
Patients have the right to:
- Access and receive a copy of their health records
- Request amendments to their PHI
- Receive an accounting of disclosures
- File complaints about our privacy practices
Requests can be submitted via our secure portal or by contacting our Compliance Officer.
Technical & Administrative Safeguards
- Regular penetration testing and vulnerability scans
- Staff training on HIPAA compliance during onboarding and annually
- Written policies and procedures reviewed annually
- Designated HIPAA Compliance Officer to oversee enforcement and audits
Data Handling Practices
- At-home test kits are de-identified during lab processing unless medically necessary
- Reports are shared securely with the patient and (with consent) their referring clinician
- Data used for analytics or R&D is anonymized and aggregated
Record Retention & Storage
- PHI is retained for at least 6 years in accordance with HIPAA requirements
- Secure destruction of data is performed via certified data wiping and shredding services
Contact
For questions or concerns about our HIPAA practices, please contact:
Thiv Paramsother
Compliance & Data Protection Officer
Hera Fertility
thiv@herafertility.co