US Healthcare · HIPAA

HIPAA Notice.

How LENS, Inc. handles protected health information (PHI) when acting as a Business Associate under HIPAA.

Effective · 1 May 2026
Version · 3.2
Applies to · lenscorp.ai and all LENS products
Languages · Portuguese (summary) · English (canonical)

Translation note

Policy summaries, navigation and metadata are localized. The full legal body falls back to the canonical English text, except where we already maintain a specific translated version.

01 Scope

This notice applies when LENS products (notably VIEW, SAFER and HyperFUSE) are deployed by a US Covered Entity — hospitals, clinics, payers — to process information that meets the definition of PHI under 45 CFR §160.103.

02 Business Associate Agreement

Before any PHI is processed, LENS executes a Business Associate Agreement (BAA) with the Covered Entity (or with an upstream Business Associate). Our standard BAA tracks the HHS sample BAA and includes:

  • Permitted uses and disclosures bounded by the underlying contract.
  • Use and disclosure of PHI only as required by the contract or by law.
  • Implementation of administrative, physical and technical safeguards.
  • Reporting of any unauthorised use or disclosure within 5 business days; final breach notification within 60 days of discovery.
  • Return or destruction of PHI on termination, where feasible.

03 Safeguards (Security Rule)

For PHI deployments LENS implements the controls in 45 CFR §§164.308, 164.310 and 164.312:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256, FIPS 140-2 validated modules).
  • Audit logging for every PHI access, retained for 6 years.
  • Workforce training annually with attestations.
  • Designated Privacy and Security Officers.
  • Disaster recovery: RPO 1 hour, RTO 4 hours for PHI workloads.

04 Breach notification

On discovery of a Breach of Unsecured PHI we notify the Covered Entity without unreasonable delay and no later than 5 business days. Our standard notification includes the identification of affected individuals (where known), nature of the PHI involved, the date of discovery, and our containment status.

05 Subcontractors

Any subcontractor that creates, receives, maintains or transmits PHI on behalf of LENS executes a back-to-back BAA. Current subcontractors for PHI workloads: AWS (us-east-1, with AWS BAA) and Microsoft Azure (East US 2, with Microsoft BAA). No other sub-processor receives PHI.

06 Minimum necessary

LENS configurations support the Minimum Necessary standard: role-based views, redaction at the point of inference (face blur, voice masking), and per-purpose retention. Configuration help: hipaa@lenscorp.ai.

07 Contact

HIPAA-related queries: hipaa@lenscorp.ai. US Privacy Officer: LENS, Inc., 4288 Indian Glen Drive, Okemos, MI 48864.
