HIPAA Compliance

Nyelux operates under HIPAA-aligned administrative, physical, and technical safeguards. Our platform is designed to support healthcare organizations' compliance obligations while eliminating PHI-related exposure.

No PHI required

Nyelux is designed to operate without Protected Health Information (PHI). We do not collect, store, or require patient data. The platform focuses on medical device information only, which removes a substantial class of PHI-related compliance concerns from your organization's use of the product.


HIPAA safeguards

Administrative

  • Security officer designation
  • Workforce training programs
  • Access management procedures
  • Regular risk assessments
  • Incident response plans
  • Business Associate Agreements

Physical

  • Facility access controls
  • Workstation security
  • Device and media controls
  • Equipment disposal procedures
  • Data center security
  • Environmental protections

Technical

  • Unique user identification
  • Automatic logoff
  • Encryption and decryption
  • Audit logs and controls
  • Integrity controls
  • Transmission security

Compliance features

Business Associate Agreement (BAA)

We provide BAAs to healthcare organizations using Nyelux, establishing clear responsibilities and compliance obligations.

Audit logging

Comprehensive audit trails track all system access and activities, retained for the periods required by HIPAA.

Access controls

Role-based access control with multi-factor authentication ensures only authorized users access appropriate information.

Data encryption

All data is encrypted at rest (AES-256) and in transit (TLS 1.3), exceeding HIPAA encryption requirements.


Questions about HIPAA compliance?

Our compliance team is ready to discuss how Nyelux meets your HIPAA requirements and provide documentation to support your audits.