HIPAA Compliance at UNILOOP
This notice describes how UNILOOP meets or exceeds US HIPAA requirements for protecting the privacy and security of patient health information (PHI) across all clinics, merchants, and providers who use our platform.
What is HIPAA and Who is Covered?
HIPAA (Health Insurance Portability and Accountability Act) protects the privacy and security of, and access to, individually identifiable health information. Covered entities include healthcare providers, clinics, pharmacies, and their business associates—including SaaS vendors like UNILOOP.
Platform, Hosting, and Business Associate Agreements (BAA)
UNILOOP operates fully in US data centers, with data encrypted in transit and at rest. All merchants/clinics and their partners sign a Business Associate Agreement (BAA) with UNILOOP as a HIPAA business associate. Merchants and providers are themselves covered entities or business associates of record for their patients.
How UNILOOP Protects PHI
- All PHI is always encrypted at rest and in transit.
- Role-based access controls (RBAC) and detailed audit trails/logs are provided to every merchant, clinic, and provider on the platform.
- Patients and providers access only their authorized records through secure, authenticated portals tied to their clinic or merchant instance.
- Data hosting is always in HIPAA-audited US data centers—never outside the US.
Patient Rights & Transparency
- Patients can request a copy of, correction to, or deletion of their health records according to HIPAA regulations—by submitting a request through their clinic or by contacting UNILOOP.
- We provide a transparent, easy-to-understand portal explaining how and where data is stored and accessed, including consent history and audit logs.
Breach Notification and Incident Response
In the unlikely event of a data breach or unauthorized PHI access, UNILOOP will immediately notify the relevant covered entity and carry out regulatory breach notification in accordance with HIPAA standards. All incidents are logged and reviewed internally, with full transparency for affected clinics/merchants and, where required, their patients.
Contact for Privacy or Compliance Questions
If you have any questions about UNILOOP’s HIPAA program or data security, or if you need a sample BAA signed, please email hipaa@uniloop.com. Our US-based compliance and legal team responds to all requests within 1 business day.