AEROLIB Physician Advisors
Compliance

HIPAA Compliance

Our commitment to protecting health information

Aerolib Healthcare Solutions LLC maintains full compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the HITECH Act, and all applicable regulations governing the use and disclosure of Protected Health Information (PHI). As a Business Associate to covered entities, we adhere to the highest standards of data privacy and security.

Business Associate Agreements

Aerolib executes Business Associate Agreements (BAAs) with all covered entity clients before any PHI is transmitted or processed. Our BAAs define the permitted uses and disclosures of PHI, establish safeguard requirements, and outline breach notification procedures in accordance with 45 CFR Part 164.

Administrative Safeguards

  • Designated Privacy and Security Officers responsible for HIPAA compliance oversight
  • Mandatory workforce training on HIPAA regulations, updated annually
  • Comprehensive risk assessments conducted at least annually
  • Documented policies and procedures for PHI handling, access, and incident response
  • Sanctions policy for workforce members who violate HIPAA requirements
  • Business continuity and disaster recovery planning for PHI systems

Technical Safeguards

  • End-to-end AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Role-based access controls (RBAC) ensuring minimum necessary access to PHI
  • Multi-factor authentication (MFA) for all administrative and clinical access
  • Automatic session timeout and audit logging for all PHI access events
  • Intrusion detection and prevention systems monitored 24/7
  • Regular vulnerability scanning and penetration testing

Physical Safeguards

Our infrastructure is hosted on Microsoft Azure's HIPAA-eligible services with SOC 2 Type II certified data centers. Physical access to servers is controlled by Azure's enterprise-grade facility security, including biometric access, 24/7 surveillance, and environmental controls.

Breach Notification

In the event of a breach involving unsecured PHI, Aerolib will notify affected covered entities within 24 hours of discovery, in compliance with 45 CFR 164.410. Our incident response team follows documented procedures to contain, investigate, and remediate any security incidents.

Certifications & Compliance

  • HIPAA: Full Compliance
  • TX-RAMP: Certified
  • SOC 2: Type II (Azure)
  • HITECH: Compliant
  • Azure Sentinel: SIEM Monitoring
  • Defender: Cloud Security

Copyright 2009-2026 Aerolib Healthcare Solutions LLC. All Rights Reserved.