HIPAA Compliance

Last Updated: January 1, 2026

Our Commitment

Flore Clinical is committed to maintaining the privacy and security of Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Administrative Safeguards

  • Designated Privacy and Security Officers
  • Documented policies and procedures
  • Workforce training on HIPAA requirements
  • Regular risk assessments and audits
  • Incident response procedures
  • Business Associate Agreements with all vendors

Physical Safeguards

  • Secure data center facilities
  • Access controls to physical locations
  • Workstation security policies
  • Device and media controls

Technical Safeguards

  • Encryption of PHI in transit (TLS 1.2+) and at rest (AES-256)
  • Unique user identification and authentication
  • Automatic session timeouts
  • Audit logging of all PHI access
  • Integrity controls and backup procedures
  • Secure transmission protocols

Access Controls

Access to PHI is restricted to authorized personnel on a need-to-know basis. We implement:

  • Role-based access controls
  • Strong password requirements
  • Multi-factor authentication for sensitive operations
  • Regular access reviews

Business Associate Relationships

We maintain Business Associate Agreements (BAAs) with all third parties who may access PHI in the course of providing services. These agreements require compliance with HIPAA requirements.

Breach Notification

In the event of a breach of unsecured PHI, we will:

  • Notify affected individuals within 60 days
  • Notify the HHS Secretary as required
  • Notify media outlets for breaches affecting 500+ individuals
  • Document all breach investigations and responses

Patient Rights

Patients have the right to:

  • Access their health information
  • Request amendments to their records
  • Obtain an accounting of disclosures
  • Request restrictions on certain uses
  • File complaints about privacy practices

Provider Responsibilities

Healthcare providers using our platform are responsible for:

  • Obtaining appropriate patient authorizations
  • Maintaining the confidentiality of login credentials
  • Reporting suspected security incidents
  • Complying with their own HIPAA obligations

Contact Information

For HIPAA-related inquiries or to report a privacy concern:

Email: support@flore.com

Subject Line: HIPAA Inquiry