HIPAA at Refley
Refley operates as a HIPAA-ready platform. This page explains how we safeguard protected health information (PHI) and the rights you have.
Our role under HIPAA
When a Refley-partner pharmacy uses our platform to provide care to patients, Refley acts as a Business Associate. We sign a Business Associate Agreement (BAA) with every partner pharmacy and applicable sub-processor.
Safeguards
- Administrative: workforce training, access reviews, incident response, business associate agreements with all sub-processors.
- Physical: data centers with biometric access, 24/7 monitoring, and redundant power and cooling.
- Technical: end-to-end encryption, audit logging, intrusion detection, least-privilege access controls.
Your rights
- Request access to your protected health information (PHI)
- Request corrections to inaccurate PHI
- Request an accounting of disclosures
- Request restrictions on how your PHI is used
- File a complaint without retaliation
Breach notification
In the unlikely event of a breach involving unsecured PHI, Refley will notify affected individuals and covered entities in accordance with the HIPAA Breach Notification Rule.
Request a BAA
Covered entities can request a BAA by emailing compliance@refley.com.
