Back to Trackfaze
TermsPrivacyDPA

HIPAA Compliant

Protected Health Information Safeguards

HIPAA Notice

Notice of Privacy Practices for Protected Health Information

Last Updated: March 2026

1. Introduction

Trackfaze may process Protected Health Information (PHI) on behalf of healthcare agencies ("Covered Entities") that use our platform. This notice describes how medical information about employees may be used and disclosed.

2. Our Role

Trackfaze acts as a Business Associate under HIPAA. We only process PHI as directed by the Covered Entity (your employer/agency) and in accordance with our Business Associate Agreement.

3. Protected Health Information We May Process

  • Employee health certifications and screenings
  • TB test results and immunization records
  • Physical examination documentation
  • Drug screening results
  • COVID-19 vaccination records
  • Other health-related credentials

4. How PHI May Be Used

PHI processed through Trackfaze may be used for:

  • Employment eligibility verification
  • Credential tracking and compliance
  • Regulatory reporting requirements
  • Healthcare operations as permitted by HIPAA

5. Safeguards We Maintain

Administrative

Workforce training, access management, policies

Physical

Secure data centers, access controls

Technical

Encryption, audit logging, intrusion detection

6. Your Rights Regarding PHI

You have the right to:

  • Access your PHI maintained in our system
  • Request corrections to inaccurate information
  • Receive an accounting of disclosures
  • Request restrictions on certain uses
  • File a complaint if you believe your rights were violated

7. Breach Notification

In the event of a breach of unsecured PHI, we will:

  • Notify the Covered Entity within 24 hours of discovery
  • Assist in breach investigation and mitigation
  • Support required notifications to affected individuals

8. Business Associate Agreement

Healthcare agencies using Trackfaze sign a Business Associate Agreement (BAA) that governs our handling of PHI. This agreement ensures HIPAA-compliant data processing.

9. Minimum Necessary Standard

We limit PHI access to the minimum necessary for intended purposes. Role-based access controls ensure only authorized personnel can view sensitive information.

10. No Sale of PHI

We do NOT sell, rent, or trade Protected Health Information under any circumstances.

11. Questions and Complaints

For HIPAA-related inquiries: support@trackfaze.com

You may also file a complaint with the HHS Office for Civil Rights:
https://www.hhs.gov/ocr/complaints

Trackfaze
8 Market Pl Suite 339
Baltimore, MD 21202