HIPAA

HIPAA-Aware Product Boundary

How Preflix AI frames HIPAA, business associate readiness, safeguards, and public-site limits for sensitive medical bill workflows.

  • No public PHI
  • BAA path for enterprise
  • Safeguard planning

Public Boundary

Preflix AI's public pages are designed to avoid protected health information. Marketing content, public lookup tools, and general contact forms should not ask visitors to paste bills, account numbers, claim numbers, member IDs, or medical history.

When a user needs account-specific review, the product should direct them to a protected workflow with authentication, transport security, access controls, retention rules, and support channels.

Business Associate Readiness

Some enterprise, employer, advocate, or provider-adjacent use cases may require Business Associate Agreement review. Preflix AI should make that pathway visible and separate from consumer marketing contact.

The BAA process should define permitted uses, safeguards, subcontractor controls, reporting obligations, return or destruction terms, and the support model for privacy requests.

Safeguards

A HIPAA-aware implementation should include administrative, physical, and technical safeguards appropriate to electronic protected health information. Product planning should include access management, audit logs, encryption, secure deletion, workforce training, incident response, and vendor review.

The public website should be honest about status. If a certification or audit has not been completed, the page should describe current controls and current posture without implying completed certification.

Patient Rights Support

Preflix AI can support user workflows that request itemized bills, records, corrections, and dispute documentation. It should not block a user's access to their own documents or make it difficult to export relevant account materials.

Privacy and access requests should have a clear contact path, expected response process, and identity verification appropriate to the request.

Clear Boundaries

What This Means In Practice

These commitments keep the public website useful while leaving sensitive, account-specific work to protected workflows.

BAA Path

Enterprise and partner workflows should include Business Associate Agreement review when legally required.

Minimum Necessary

Sensitive workflows should collect the minimum data needed to complete the requested bill review.

Auditability

Protected workflows should record access, changes, exports, and administrative events.

FAQ

Common Questions

Short answers for the practical decisions this page is meant to support.

Does this page claim HIPAA certification?

No. The page describes HIPAA-aware product boundaries and current safeguards without claiming a completed certification, audit, or compliance status.

When would a BAA conversation be needed?

A BAA review may be needed for certain enterprise, employer, advocate, or provider-adjacent workflows depending on the final data flows and legal roles.

Where should users send account-specific health information?

Users should not send account-specific health information through public pages. Sensitive details should wait for an approved protected workflow or secure support channel.

Enterprise And Partner Review

Discuss BAA, Security, And Protected Workflow Requirements With Preflix AI