HIPAA Compliance & Medical Privacy
Your Protected Health Information is secured with enterprise-grade encryption and full HIPAA compliance
What is HIPAA?
Understanding the federal law that protects your medical privacy
Health Insurance Portability and Accountability Act
HIPAA is a federal law enacted in 1996 that establishes national standards for protecting sensitive patient health information from being disclosed without the patient's consent or knowledge.
The law applies to covered entities (healthcare providers, health plans, and healthcare clearinghouses) and business associates (companies that handle PHI on behalf of covered entities).
RespiratorTest.com operates as a business associate under HIPAA, processing Protected Health Information (PHI) for OSHA-mandated respirator medical evaluations. We maintain Business Associate Agreements (BAAs) with our healthcare professional partners and implement all required safeguards.
What is PHI?
Protected Health Information (PHI) includes any individually identifiable health information, such as:
• Medical history
• Test results
• Health conditions
• Medications
How RespiratorTest.com Maintains HIPAA Compliance
Our multi-layered security approach protects your Protected Health Information
AES-256 Encryption
All Protected Health Information (PHI) is encrypted at rest and in transit using military-grade encryption standards.
AWS HIPAA-Eligible Infrastructure
Hosted on Amazon Web Services using HIPAA-eligible services with Business Associate Agreements in place.
Access Controls
Role-based access controls ensure only authorized personnel can view medical information. MROs have exclusive access to questionnaire responses.
Audit Logging
Comprehensive audit trails track all access to PHI, maintaining a complete record of who viewed what and when.
Secure Transmission
All data transmitted between your device and our servers is protected with TLS 1.3 encryption.
30-Year Record Retention
OSHA-compliant record retention with secure archival and retrieval capabilities for the full 30-year requirement.
Ready to Experience Secure, Compliant Respirator Testing?
Join thousands of companies using our HIPAA-compliant platform
Your HIPAA Rights
As a patient, HIPAA grants you specific rights regarding your Protected Health Information:
• Right to access your Protected Health Information
• Right to request corrections to your medical records
• Right to receive an accounting of PHI disclosures
• Right to request restrictions on PHI use and disclosure
• Right to receive confidential communications
• Right to file a complaint if you believe your privacy rights have been violated
Technical Safeguards
Administrative Safeguards
• Annual HIPAA training for all personnel
• Background checks for employees with PHI access
• Incident response procedures and breach notification protocols
• Regular risk assessments and security reviews
Physical Safeguards
• AWS data centers with 24/7 monitoring
• Multi-factor authentication for system access
• Workstation security controls
• Secure disposal of electronic PHI
Technical Safeguards
• Unique user identification and automatic logoff
• Encryption and decryption of PHI
• Audit controls and integrity monitoring
• Transmission security with TLS 1.3
Licensed Healthcare Professional Oversight
All respirator medical evaluations are overseen by our Medical Review Officer, Dr. Nader Mikhail, MD, MPH, CPH, who serves as your PLHCP (Physician or Other Licensed Health Care Professional) under OSHA 1910.134.
Dr. Mikhail has exclusive access to your medical questionnaire responses. Your employer receives only the final certificate status (CLEARED or PENDING) — they never see your medical information.
This separation ensures full HIPAA compliance while meeting OSHA's requirement for medical oversight of respirator use.
Data Handling & Retention
What We Collect
We only collect information necessary for OSHA-compliant respirator medical evaluations:
• OSHA Appendix C questionnaire responses
• Respirator type and job description
• Employee name and employer information
• Certificate issuance and expiration dates
How Long We Keep It
OSHA 1910.1020 requires employers to maintain medical records for the duration of employment plus 30 years.
RespiratorTest.com provides:
• 30-year secure record retention
• Encrypted archival storage
• Instant retrieval for OSHA inspections
• Secure deletion after retention period
Questions or Concerns?
Privacy Officer Contact
For questions about HIPAA compliance, your rights, or to request access to your PHI:
Email: privacy@respiratortest.com
Mail: RespiratorTest.com Privacy Officer
[Address to be provided]
Filing a Complaint
If you believe your privacy rights have been violated, you have the right to file a complaint with:
• RespiratorTest.com Privacy Officer (contact above)
• U.S. Department of Health and Human Services Office for Civil Rights
• Website: www.hhs.gov/ocr/privacy/hipaa/complaints/
Secure, Compliant, Convenient
Get OSHA-compliant respirator certification with complete medical privacy protection
• HIPAA Compliant
• AES-256 Encryption
• 30 Years Retention
• 100% Private