Effective 2019

As a Business Associate (BA) under the Health Insurance Portability and Accountability Act (HIPAA), VIDA Diagnostics, Inc. is committed to upholding the security and privacy provisions of the Act (1996) and the additional obligations introduced by the HIPAA Omnibus Final Rule (2013) that apply to BAs.

VIDA has named an Information Security Officer—or, “HIPAA Security Official”—to establish policies, plans, and procedures intended to uphold the provisions of the Security and Privacy rules as mandated by HIPAA, and to train VIDA personnel on them.

VIDA is aware of its ongoing obligation to prevent the disclosure of Protected Health Information (PHI) under all circumstances except where required by law or through the course of normal business operations. VIDA is committed to honoring this obligation. When VIDA receives PHI as governed by contractual obligations, the information is de-identified whenever possible via a strict, HIPAA-compliant protocol. When the information is not de-identified, it is disclosed only to VIDA staff members who are authorized to use the information and only to the extent needed to complete the task at hand.

VIDA enters into HIPAA-compliant business associate agreements with all Covered Entities with whom VIDA partners and with all subcontractors who transmit or otherwise use PHI that originated from VIDA. As an additional safeguard, subcontractors who are Business Associates are obligated to provide VIDA with objective evidence of having upheld the conditions of their agreements. Internal procedures govern this process. In the event the Covered Entity does not have a Business Associate Agreement, we will provide one as an addendum to our Service Agreement.

VIDA is committed to upholding the breach notification requirements of HIPAA in the event—however rare—PHI is disclosed by VIDA or any of its Business Associates in a manner that is in conflict with the requirements mandated by HIPAA.

VIDA is committed to complying with the Department of Health and Human Services’ right to audit VIDA’s records and practices that pertain to the use and disclosure of PHI to ensure compliance with HIPAA, provided reasonable notice is given and the inspection is scheduled during normal business hours.

VIDA has implemented a data back-up procedure and contingency plan in the event of emergency or other occurrences that may adversely impact the continuity of business operations and the integrity of PHI safeguards. The ongoing protection of PHI is thus ensured to the furthest extent reasonable and practicable under such scenarios.

Privacy and security are essential principles that underpin the design of VIDA’s information system. It is within this system that VIDA products operate.

Additional Information and Feedback:

Need more detailed information? Notice an opportunity to improve our statement? Please send us comments or a request for a detailed security statement to info@vidalung.ai. Feedback is encouraged.