HIPAA Compliance Statement
Last updated April 4, 2026This statement summarizes how Checksalus approaches HIPAA-aligned operations. It is not a substitute for a Business Associate Agreement, security review, or product-specific implementation documentation.
Our role as a business associate
Where Checksalus handles protected health information on behalf of a covered entity or business associate customer, the company expects that relationship to be governed by a Business Associate Agreement and supporting security documentation.
PHI handling policies
Protected health information is handled according to documented access, storage, transmission, and incident-management procedures designed to support HIPAA-aligned operations and review.
BAA availability
Standard BAA review is available for qualified customer or pilot discussions. Requests can be directed to sales@checksalus.com or initiated through the demo workflow.
Covered entity responsibilities
Customers remain responsible for determining whether Checksalus is appropriate for their use case, configuring access according to organizational policy, and maintaining their own HIPAA obligations as covered entities or downstream business associates.
Security safeguards
Checksalus uses a combination of encryption, access controls, audit logging, and governed infrastructure review to support secure operation in healthcare environments.
Breach notification policy
Suspected security incidents are reviewed under documented incident-response procedures. Where an incident creates applicable notification obligations under contract or law, Checksalus will coordinate notification steps consistent with the governing agreement.