HIPAA Compliance

Protecting your health information with the highest standards of privacy and security.

Last Updated: November 9, 2025

HIPAA Compliance Overview

Universal Fabrication is committed to maintaining the highest standards of health information privacy and security. As a provider of biomedical devices, research services, and clinical trial services, we recognize the critical importance of protecting Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.

This HIPAA Compliance Statement outlines our commitment to protecting health information and describes the measures we have implemented to ensure compliance with HIPAA requirements.

Our Commitment

We are dedicated to maintaining the confidentiality, integrity, and availability of all Protected Health Information (PHI) that we collect, use, or disclose in the course of providing our services.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

Key HIPAA Components

  • Privacy Rule: Sets standards for the protection of individually identifiable health information
  • Security Rule: Establishes national standards for the security of electronic protected health information
  • Breach Notification Rule: Requires covered entities to notify affected individuals, HHS, and in some cases, the media of a breach of unsecured PHI
  • Enforcement Rule: Provides standards for the enforcement of all the Administrative Simplification Rules

Our Role as a Business Associate

Universal Fabrication may act as a Business Associate when we provide services that involve the use or disclosure of Protected Health Information (PHI) on behalf of covered entities (such as healthcare providers, health plans, or healthcare clearinghouses).

As a Business Associate, we:

  • Enter into Business Associate Agreements (BAAs) with covered entities
  • Comply with applicable HIPAA requirements
  • Implement appropriate safeguards to protect PHI
  • Report any security incidents or breaches to covered entities as required
  • Ensure that our subcontractors who handle PHI also comply with HIPAA requirements

HIPAA Safeguards Implementation

We have implemented comprehensive administrative, physical, and technical safeguards to protect PHI in accordance with HIPAA requirements:

Administrative Safeguards

  • Security management processes
  • Assigned security responsibility
  • Workforce security
  • Information access management
  • Security awareness and training
  • Contingency plan

Physical Safeguards

  • Facility access controls
  • Workstation use restrictions
  • Workstation security
  • Device and media controls

Technical Safeguards

  • Access control
  • Audit controls
  • Integrity controls
  • Transmission security
  • Encryption of data at rest and in transit

Data Protection Measures

Encryption

All PHI is encrypted both in transit (using SSL/TLS protocols) and at rest (using industry-standard encryption algorithms). We use strong encryption methods to ensure that PHI remains secure and confidential.

Access Controls

We implement strict access controls to ensure that only authorized personnel have access to PHI. Access is granted on a need-to-know basis and is regularly reviewed and updated.

Audit Logs

We maintain comprehensive audit logs that track all access, use, and disclosure of PHI. These logs are regularly reviewed to detect and prevent unauthorized access or use.

Regular Security Assessments

We conduct regular security risk assessments to identify potential vulnerabilities and implement appropriate safeguards to address identified risks.

Workforce Training

All employees and contractors who may have access to PHI are required to complete comprehensive HIPAA training. This training covers:

  • HIPAA Privacy and Security Rules
  • Our policies and procedures for protecting PHI
  • How to identify and report security incidents
  • Best practices for handling PHI
  • Consequences of non-compliance

Training is provided upon hire and on an annual basis, with additional training provided when policies or procedures are updated.

Breach Notification Procedures

In the event of a security breach involving PHI, we have established procedures to:

  • Immediately investigate and contain the breach
  • Assess the nature and scope of the breach
  • Notify affected individuals without unreasonable delay (and in no case later than 60 days after discovery)
  • Notify the covered entity (if applicable) immediately
  • Notify the Secretary of Health and Human Services (HHS) as required
  • Implement corrective measures to prevent future breaches

Important Notice

If you believe that your PHI has been compromised, please contact us immediately at support@universal-fabs.com.

Patient Rights Under HIPAA

Individuals have certain rights regarding their PHI under HIPAA. These rights include:

  • Right to Access: You have the right to access and obtain copies of your PHI
  • Right to Amend: You have the right to request amendments to your PHI
  • Right to an Accounting: You have the right to receive an accounting of disclosures of your PHI
  • Right to Request Restrictions: You have the right to request restrictions on the use and disclosure of your PHI
  • Right to Request Confidential Communications: You have the right to request that we communicate with you about PHI in a certain way or at a certain location
  • Right to File a Complaint: You have the right to file a complaint if you believe your privacy rights have been violated

To exercise any of these rights, please contact us using the information provided in the Contact section below.

Compliance Monitoring and Auditing

We are committed to maintaining ongoing HIPAA compliance through:

  • Regular internal compliance audits and assessments
  • Ongoing monitoring of our security measures and practices
  • Regular updates to policies and procedures to reflect changes in HIPAA regulations
  • Training and education for all workforce members
  • Incident response and breach notification procedures

We continuously work to improve our HIPAA compliance program and adapt to evolving threats and regulatory requirements.

HIPAA Contact Information

If you have questions, concerns, or wish to exercise your rights under HIPAA, please contact our HIPAA Privacy Officer:

Universal Fabrication

HIPAA Privacy Officer

IIT Madras Research Park, Kanagam Road, Taramani

Chennai, Tamil Nadu 600113, India

Email: support@universal-fabs.com

Phone: +91 44 2257 4747

Filing a Complaint

You may also file a complaint directly with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) if you believe your privacy rights have been violated.

Visit: HHS OCR Complaint Portal