HIPAA Compliance

HIPAA Compliance Commitment

Protecting your child's health information with industry-leading security standards

At 153 Comeback Inc., we take the privacy and security of your child's health information seriously. ubelong.to is designed to be HIPAA (Health Insurance Portability and Accountability Act) compliant, ensuring that all Protected Health Information (PHI) is handled with the highest level of security and confidentiality.

This page outlines our commitment to HIPAA compliance and the measures we take to protect your family's sensitive health data.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for protecting sensitive patient health information from being disclosed without the patient's consent or knowledge.

HIPAA requires healthcare providers, insurers, and their business associates (like ubelong.to) to implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of Protected Health Information (PHI).

Our HIPAA Compliance Measures

Encryption

All Protected Health Information (PHI) is encrypted at rest using AES-256 and in transit using TLS 1.3.

Access Controls

Role-based access controls ensure only authorized users can access PHI. Multi-factor authentication is required.

Audit Logs

Comprehensive audit trails track all access and modifications to PHI for accountability and monitoring.

Secure Infrastructure

HIPAA-compliant cloud infrastructure with regular security assessments, penetration testing, and monitoring.

Business Associate Agreements

All third-party service providers handling PHI sign HIPAA Business Associate Agreements (BAAs).

Breach Notification

Documented incident response plan with procedures for breach detection, reporting, and notification.

Technical Safeguards

  • Data Encryption: All PHI is encrypted using industry-standard AES-256 encryption at rest and TLS 1.3 in transit
  • Secure Authentication: Multi-factor authentication (MFA) required for all user accounts
  • Access Controls: Role-based access controls (RBAC) limit PHI access to authorized personnel only
  • Automatic Logoff: Sessions automatically terminate after periods of inactivity
  • Audit Controls: Comprehensive logging of all system activity and PHI access

Administrative Safeguards

  • Security Officer: Designated privacy and security officers responsible for HIPAA compliance
  • Employee Training: Regular HIPAA training for all team members with access to PHI
  • Risk Assessment: Annual risk assessments to identify and mitigate security vulnerabilities
  • Incident Response: Documented procedures for detecting, responding to, and reporting security incidents
  • Business Associate Agreements: BAAs with all third-party vendors who handle PHI

Physical Safeguards

  • Secure Data Centers: HIPAA-compliant cloud infrastructure with SOC 2 Type II certified data centers
  • Facility Access Controls: Physical access restrictions and monitoring at data center facilities
  • Workstation Security: Secure workstation configurations for team members accessing PHI
  • Device and Media Controls: Policies for secure disposal and reuse of devices containing PHI

Your Rights Under HIPAA

As a user of ubelong.to, you have the following rights regarding your child's PHI:

  • Right to Access: View and obtain copies of your child's PHI
  • Right to Amendment: Request corrections to inaccurate or incomplete PHI
  • Right to an Accounting: Receive a list of disclosures of your child's PHI
  • Right to Request Restrictions: Request limits on how we use or disclose PHI
  • Right to Confidential Communications: Request communication of PHI by specific means
  • Right to a Copy of This Notice: Obtain a paper copy of our HIPAA privacy practices

Breach Notification

In the unlikely event of a breach of unsecured PHI, we will notify affected individuals without unreasonable delay and in no case later than 60 days following discovery of the breach, as required by HIPAA.

Notification will include a description of the breach, types of information involved, steps individuals should take to protect themselves, what we are doing to investigate and mitigate the breach, and contact information for further inquiries.

Business Associate Agreement (BAA)

For healthcare providers and organizations using ubelong.to, we are committed to signing a Business Associate Agreement as required under HIPAA. Our BAA outlines:

  • Our obligations to safeguard PHI
  • Permitted uses and disclosures of PHI
  • Our agreement to implement appropriate safeguards
  • Breach notification procedures
  • Termination provisions

Questions About HIPAA Compliance?

If you have questions about our HIPAA compliance practices, need to exercise your HIPAA rights, or wish to report a privacy concern, please contact our Privacy Officer:

153 Comeback Inc.

Phoenix, AZ

Email: privacy@ubelong.to