HIPAA Compliance Statement

The Pathagility system (System) employs industry standard best practices in a continuing focus to support compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The System is constructed upon a widely accepted architecture and is continually updated to ameliorate threats, reduce attack vectors and ensure secure data exchange. All external communication with the System is TLS/SSL encrypted via industry standard verifiable X509 certificates issued by a globally trusted certificate authority. All internal System communication is at least TLS/SSL encrypted and uses chain-of-trust verifiable entities wherever possible. The System has restrictive inbound and outbound network layer access control parameter resource protections in addition to application level authentication and authorization safeguards. The System logs and persists all access.

All System access is protected via cryptographically verifiable user credentialing. All user access is logged and persisted. No arbitrary queries are permitted to any service. All requests and data access, including data ownership, are verified via user credentials.

This HIPAA Statement is made and limited to the System. While Pathagility aggressively pursues supporting HIPAA compliance with respect to the System, Pathagility cannot ensure a HIPAA compliant environment where such environment includes, without limitation, integrated applications in addition to and/or other than the System, or where the System is not being operated or utilized consistent with its design and capability protocols. Further this statement is not intended nor will it operate as a warranty for the System with respect to HIPAA compliance and Pathagility shall not be responsible for any loss, damage or such other claim of any kind as may result from the use of the System.