
clinIQ™ HIPAA Compliance Statement

Last updated: October 2025

Operated by The Algorithm LLC, a Colorado S-Corporation

5031 Ashbrook Circle, Highlands Ranch, CO 80130, USA


1. Purpose and Commitment


clinIQ™ is a healthcare technology platform operated by The Algorithm LLC. We are fully committed to maintaining the confidentiality, integrity, and availability of all Protected Health Information (PHI) entrusted to us by our clients and their patients. We design every system, workflow, and policy to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.


2. HIPAA Role: Business Associate


The Algorithm LLC acts as a Business Associate under HIPAA, providing services to Covered Entities (clinics, providers, and healthcare organizations). We process PHI only on behalf of and under the direction of these Covered Entities, in accordance with executed Business Associate Agreements (BAAs). We do not use or disclose PHI for any independent purpose.


3. Applicable HIPAA Rules
clinIQ™ adheres to the following core HIPAA rules:

  • Privacy Rule (45 CFR Part 160 & Subparts A and E of Part 164) – safeguards the use and disclosure of PHI.

  • Security Rule (45 CFR Part 160 & Subparts A and C of Part 164) – establishes standards for administrative, physical, and technical security.

  • Breach Notification Rule (45 CFR Part 164 Subpart D) – requires notification to clients and, when applicable, the HHS OCR and affected individuals.

4. Safeguards and Technical Controls


clinIQ™ implements layered administrative, technical, and physical safeguards including:

  • Encryption: TLS 1.3 for all data in transit; AES-256 for data at rest.

  • Access Control: Role-based permissions (RBAC), unique user IDs, MFA for administrators.

  • Audit Logs: Continuous monitoring of access and configuration changes.

  • Infrastructure Security: AWS HIPAA-eligible services and MongoDB Atlas Dedicated clusters under BAAs.

  • Backups & Disaster Recovery: Daily encrypted backups with retention and off-site replication (30-day active, 12-month archive).

  • Risk Assessments: Formal HIPAA Security Risk Assessment conducted annually.

  • Employee Training: Mandatory HIPAA training for all workforce members each year, with signed attestations.


5. Subcontractors and Business Associate Agreements


We maintain executed BAAs or Data Processing Agreements with all third-party service providers who may access PHI, including:

[Illustration: HIPAA compliance encryption and data protection]

All vendors are contractually bound to maintain HIPAA-equivalent security and to notify us immediately of any potential breach.


6. Breach Notification & Incident Response


If a security incident or breach involving PHI is confirmed:

  • Initial Notice – We notify the affected Covered Entity within 10 business days of discovery.

  • Containment & Investigation – Our security team isolates affected systems and documents findings.

  • Remediation & Reporting – We cooperate fully with the Covered Entity and, if required, notify the HHS OCR and affected individuals.

  • Post-Incident Review – Root-cause analysis and control improvements are recorded in our compliance log.

7. Data Retention and Disposal

  • PHI is retained only as long as required for contractual or regulatory purposes.

  • Upon termination of a customer account, data remains accessible for 30 days for export and is purged from backups within 90 days.

  • Secure deletion procedures conform to NIST SP 800-88 standards.

8. Physical and Administrative Controls

  • Access to servers and administrative consoles is limited to authorized personnel.

  • All laptops and portable devices are encrypted and centrally managed.

  • Background checks and confidentiality agreements are mandatory for employees.

  • Annual internal audits verify compliance with our policies and BAAs.


9. Contact Information


For HIPAA-related questions, incident reporting, or BAA inquiries, please contact:


HIPAA Privacy Officer: privacy@cliniqhealthcare.com

HIPAA Security Officer: security@cliniqhealthcare.com

Compliance Department: compliance@cliniqhealthcare.com


Mailing Address:

The Algorithm LLC

5031 Ashbrook Circle, Highlands Ranch, CO 80130 USA


10. Statement of Ongoing Compliance


clinIQ™ continually reviews and updates its policies, technical measures, and workforce training to ensure ongoing alignment with HIPAA, HITECH, and related federal privacy regulations.

We take our obligations as a Business Associate seriously and remain dedicated to earning and maintaining the trust of every clinic, provider, and patient we serve.

© 2025 The Algorithm LLC — All Rights Reserved. clinIQ™ is a trademark of The Algorithm LLC.
