HIPAA Compliance

Last Updated: December 1, 2025

LinguaLinQ is committed to protecting the privacy and security of Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Our HIPAA Commitment

LinguaLinQ understands that healthcare providers need secure, compliant communication tools. We have designed our platform to meet HIPAA requirements for covered entities and their patients. Our commitment includes:

  • Implementing comprehensive security safeguards
  • Providing Business Associate Agreements (BAAs) for healthcare clients
  • Training our team on HIPAA requirements
  • Conducting regular compliance audits
  • Maintaining breach notification procedures

Technical Safeguards

Encryption

  • 256-bit AES encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • End-to-end encryption for all video and audio streams
  • Encrypted database storage for all user data

Access Controls

  • Role-based access controls for all systems
  • Multi-factor authentication available for enterprise accounts
  • Automatic session timeouts
  • Unique user identification for all accounts

Audit Controls

  • Comprehensive logging of system access
  • Session activity monitoring
  • Regular log reviews and analysis
  • Tamper-proof audit trails

Transmission Security

  • Secure WebRTC connections for video
  • HTTPS-only web access
  • Certificate pinning for mobile applications
  • Regular penetration testing

Administrative Safeguards

Security Management

  • Designated Security Officer
  • Comprehensive risk analysis procedures
  • Written security policies and procedures
  • Regular policy reviews and updates

Workforce Security

  • Background checks for employees with PHI access
  • Role-based access assignments
  • Termination procedures for access removal
  • Regular security training

Information Access Management

  • Minimum necessary access principle
  • Access authorization procedures
  • Access modification and termination processes
  • Regular access reviews

Security Awareness Training

  • Initial HIPAA training for all employees
  • Annual refresher training
  • Security reminder communications
  • Incident response training

Contingency Planning

  • Data backup procedures
  • Disaster recovery plan
  • Emergency mode operation plan
  • Regular testing of contingency procedures

Physical Safeguards

Data Center Security

  • SOC 2 Type II certified data centers
  • 24/7 physical security monitoring
  • Biometric access controls
  • Environmental controls (fire, flood, temperature)

Workstation Security

  • Secure workstation policies
  • Screen lock requirements
  • Clean desk policies
  • Encrypted storage devices

Device Controls

  • Hardware inventory management
  • Secure disposal procedures
  • Media re-use protocols

Business Associate Agreements (BAA)

LinguaLinQ offers Business Associate Agreements to covered entities. Our BAA includes:

  • Permitted uses and disclosures of PHI
  • Safeguards commitment
  • Subcontractor requirements
  • Breach notification obligations (24-hour notification)
  • Return or destruction of PHI upon termination

To Request a BAA:

1. Email: Send a request to compliance@lingualinq.ai with:

  • Your organization name
  • Contact person and title
  • Organization address
  • Brief description of intended use

2. Response Time: We will respond within 2 business days with:

  • Our standard BAA document for review
  • Instructions for execution

3. Execution: BAAs can be signed electronically or with a physical signature.

⚠️ Note: A signed BAA must be in place BEFORE transmitting any Protected Health Information through LinguaLinQ.

Breach Notification Procedures

In the event of a PHI breach, LinguaLinQ will:

  1. Investigate - Promptly investigate the incident
  2. Contain - Take immediate steps to mitigate harm
  3. Notify - Inform affected covered entities within 24 hours of discovery
  4. Document - Maintain detailed breach documentation
  5. Report - Assist with required HHS notifications
  6. Remediate - Implement measures to prevent future breaches

Patient Rights

LinguaLinQ's platform design supports patient rights under HIPAA:

  • No Recording: Video and audio are never recorded
  • Minimal Data: We process only what's necessary for translation
  • Immediate Deletion: Session data is deleted when calls end
  • Access Rights: Patients can request their account data

Compliance Verification

We maintain our HIPAA compliance through:

  • Annual third-party security assessments
  • Regular internal audits
  • Continuous monitoring and improvement
  • Employee compliance attestations

Disclaimer

While LinguaLinQ maintains HIPAA-compliant infrastructure:

  • Healthcare providers remain responsible for their own HIPAA compliance
  • A signed BAA is required before transmitting PHI
  • Users should verify compliance with their organization's policies
  • This page does not constitute legal advice

Contact Us

For HIPAA compliance questions or to request a BAA:

Email: compliance@lingualinq.ai

West Coast Office (Primary):

LinguaLinQ Compliance Team
1408 South Van Ness Avenue
San Francisco, CA 94110

East Coast Office:

LinguaLinQ Compliance Team
457 W 57th Street
New York, NY 10019