HIPAA Compliance

Last Updated: December 10, 2025

HIPAA-Compliant Platform

Lilac is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA) and implements comprehensive safeguards to protect your health information.

Our Commitment to HIPAA Compliance

At Lilac, we understand the critical importance of protecting your health information. We are committed to maintaining the highest standards of privacy and security in accordance with HIPAA regulations. This page outlines our practices and your rights under HIPAA.

Protected Health Information (PHI)

Under HIPAA, Protected Health Information includes any individually identifiable health information. At Lilac, we handle the following types of PHI:

  • Medical history and health conditions
  • Treatment plans and care instructions
  • Medication schedules and prescriptions
  • Laboratory results and diagnostic reports
  • Appointment history and healthcare provider communications

Security Safeguards

We implement comprehensive safeguards to protect your PHI:

Technical Safeguards

  • 256-bit AES encryption for data at rest and in transit
  • Role-based access controls and multi-factor authentication
  • Comprehensive audit logging of all PHI access
  • Automated encrypted backups with disaster recovery

Physical Safeguards

  • SOC 2 Type II certified data centers
  • Biometric and keycard facility access controls
  • Secure media disposal procedures

Administrative Safeguards

  • Regular HIPAA training for all employees
  • Comprehensive privacy and security policies
  • Business Associate Agreements with all vendors

Your HIPAA Rights

Under HIPAA, you have specific rights regarding your health information:

  • Right to access and obtain copies of your health records
  • Right to request amendments to your health information
  • Right to receive an accounting of disclosures
  • Right to request restrictions on certain uses of your PHI
  • Right to request confidential communications

Breach Notification

In the unlikely event of a breach affecting your PHI, we will notify you within 60 days as required by HIPAA. Our notification will include a description of what happened, the types of information involved, steps you should take, and what we are doing to investigate and mitigate the breach.

HIPAA Privacy Officer

For HIPAA-related inquiries, to exercise your rights, or to file a complaint, please contact our HIPAA Privacy Officer:

HIPAA Privacy Officer: hipaa@lilac.health