HIPAA Compliance

Peregrine maintains comprehensive HIPAA compliance to protect the privacy and security of Protected Health Information (PHI)

Our HIPAA Commitment

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. As a Business Associate serving federal agencies and healthcare organizations, Peregrine has implemented comprehensive administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of all Protected Health Information (PHI) we process, store, or transmit.

HIPAA Compliant Since Day One

Peregrine was built from the ground up with HIPAA compliance as a core requirement, not an afterthought. Our platform undergoes regular third-party audits and assessments to verify ongoing compliance.

HIPAA Safeguards Implementation

Comprehensive protection through multiple layers of security

Administrative Safeguards

  • Security Officer designation and responsibilities
  • Workforce training and access management
  • Access authorization and termination procedures
  • Security incident response procedures
  • Business Associate Agreements (BAAs) with all partners
  • Risk assessments and management plans

Physical Safeguards

  • AWS GovCloud data centers with FedRAMP High authorization
  • Facility access controls and visitor management
  • Workstation security policies
  • Device and media controls
  • Equipment disposal and reuse procedures
  • Physical access monitoring and logging

Technical Safeguards

  • Unique user identification and authentication
  • Automatic logoff and encryption/decryption
  • Audit logs and integrity controls
  • Transmission security with TLS 1.3
  • Access control with role-based permissions
  • Data backup and disaster recovery procedures

Security Features

Built-in features that ensure continuous HIPAA compliance

Encryption at Rest & Transit

All PHI is encrypted using AES-256 at rest and TLS 1.3 in transit

Access Controls

Multi-factor authentication and role-based access control

Audit Logging

Comprehensive audit trails for all PHI access and modifications

Data Isolation

Complete tenant isolation with dedicated encryption keys

Business Associate Agreement (BAA)

We execute Business Associate Agreements with all covered entities and business associates who use our platform to process PHI. Our standard BAA includes:

  • Clear delineation of permitted uses and disclosures of PHI
  • Safeguards to prevent unauthorized use or disclosure
  • Breach notification procedures within 60 days
  • Subcontractor compliance requirements
  • Right to audit and inspect compliance

Ongoing Compliance Activities

Annual Risk Assessments

Comprehensive evaluation of potential vulnerabilities and threats

Quarterly Workforce Training

Regular training on HIPAA requirements and security best practices

Third-Party Audits

Independent verification of our compliance controls and procedures

Incident Response Drills

Regular testing of breach notification and response procedures

Questions About Our HIPAA Compliance?

Our HIPAA Privacy Officer is available to address any questions or concerns