OptimizeThe Provider Partner
Back to home

HIPAA Compliance

Last updated June 11, 2026

The Provider Partner is committed to supporting the privacy and security of healthcare data processed through the Optimize platform ("Platform"). This is interim language provided pending final attorney review.

  1. 1. Our Commitment.

    The Platform maintains administrative, technical, and physical safeguards designed to protect data and operates in accordance with applicable security standards under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended, and related regulations.

  2. 2. De-Identified Data by Design.

    The Platform is intended for de-identified data. Users must only upload, transmit, or provide data that has been properly de-identified in accordance with applicable federal and state laws, including HIPAA. No Protected Health Information ("PHI") or personally identifiable patient information should be submitted unless authorized through a separate written agreement, such as a Business Associate Agreement.

  3. 3. Safeguards.

    Safeguards include encryption of data in transit and at rest, access controls and authentication, audit logging of access to sensitive records, network and infrastructure security, and ongoing monitoring. Patient identifiers, where present in source data, are hashed with a per-organization salt so raw identifiers are not stored.

  4. 4. Shared Responsibility.

    While the Platform is designed to support healthcare organizations and providers, the user remains solely responsible for ensuring that all uploaded information complies with applicable privacy and security requirements, including verifying that data is properly de-identified before upload.

  5. 5. Business Associate Agreements.

    If your use case requires submitting PHI, contact us before uploading any such data so we can determine whether a Business Associate Agreement is appropriate. Do not upload PHI to the Platform absent a separate written agreement authorizing it.

  6. 6. Reporting a Concern.

    If you believe data has been improperly accessed, disclosed, or uploaded, contact The Provider Partner promptly at security@theproviderpartner.com.

This page describes our approach to HIPAA-aligned safeguards and does not constitute legal advice. We may update this information as our practices and applicable requirements evolve.