HIPAA Compliance
Last Updated: January 15, 2025
Our Commitment: LUNA is built from the ground up with healthcare data security in mind. We understand the critical importance of protecting protected health information (PHI) and are committed to maintaining HIPAA-eligible infrastructure.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. As a service provider to healthcare practices, LUNA operates as a Business Associate under HIPAA.
Our Security Measures
Technical Safeguards
- Encryption in Transit: All data transmitted to and from LUNA uses TLS 1.3 encryption
- Encryption at Rest: Patient data is encrypted using AES-256 encryption
- Access Controls: Role-based access ensures only authorized personnel can access PHI
- Audit Logging: Comprehensive logging of all system access and data interactions
- Automatic Session Timeout: Inactive sessions are automatically terminated
Administrative Safeguards
- Employee Training: All team members complete HIPAA compliance training
- Security Policies: Documented policies and procedures for handling PHI
- Risk Assessments: Regular security risk assessments and vulnerability testing
- Incident Response: Documented procedures for responding to potential breaches
Physical Safeguards
- Cloud Infrastructure: Hosted on HIPAA-eligible cloud infrastructure (Azure/AWS)
- Data Center Security: SOC 2 Type II certified data centers
- Workstation Security: Secure workstation policies for all employees
Business Associate Agreement (BAA)
LUNA will execute a Business Associate Agreement with all healthcare practice clients. The BAA outlines our responsibilities for protecting PHI and our commitment to HIPAA compliance. Contact us at hipaa@lunaphone.ai to request a BAA.
Data Handling Practices
- We only collect and process the minimum necessary PHI required to provide our services
- Patient data is never sold or shared with third parties for marketing purposes
- Data retention policies align with healthcare record-keeping requirements
- Secure data deletion upon contract termination or client request
Your Responsibilities
While LUNA maintains HIPAA-eligible infrastructure, covered entities (healthcare practices) are responsible for:
- Executing a BAA with LUNA before processing PHI
- Ensuring staff are trained on proper use of the LUNA platform
- Maintaining appropriate access controls for their practice's LUNA account
- Reporting any suspected security incidents promptly
Contact Us
For questions about our HIPAA compliance practices or to request a Business Associate Agreement:
Email: hello@lunaphone.ai
Address: LunaPhone.AI LLC, Chicago, IL