Personal Health Information (PHI)

PHI is often hosted on behalf of our clients and is regulated under HIPAA (Health Insurance Portability and Accountability Act), with which compliance is a legal obligation. LabLynx is a Business Associate, not a Covered Entity, under HIPAA.

The company is responsible for providing appropriate security and maintaining privacy for data hosted and stored on behalf of covered entities or other HIPAA business associates.

PII held in non-production environments should never leave the hosted, protected network, even to approved, connected devices. For example, developers must not copy a LIMS database or application files for such a site onto a local device. This data must remain on servers provided for this purpose within the network, so that PII used in production and non-production environments is protected against unauthorized release or exposure, consistent with controls in the production environment.