HIPAA Compliance Notice
Last updated: April 10, 2026
This notice applies to Greein customers who are Covered Entities or Business Associates under the U.S. Health Insurance Portability and Accountability Act (HIPAA) of 1996 and process Protected Health Information (PHI), as defined under HIPAA, using the Greein platform. HIPAA's obligations attach to the Covered Entity or Business Associate that holds the data, not to the nationality of the patient.
Important Note on Applicability
Greein is primarily built for Indian healthcare providers and is designed to comply with India's Digital Personal Data Protection Act (DPDP), 2023. HIPAA applies specifically to U.S. Covered Entities and their Business Associates. If your organisation handles PHI that is subject to HIPAA, please contact us at [email protected] to execute a Business Associate Agreement (BAA) before processing that data on Greein; HIPAA does not permit a Business Associate to process PHI on a Covered Entity's behalf without one.
Business Associate Agreement (BAA)
If you are a Covered Entity under HIPAA, or a Business Associate engaging Greein as a subcontractor, Greein is willing to enter into a Business Associate Agreement that:
- Defines permitted and required uses and disclosures of PHI by Greein on your behalf
- Requires Greein to implement appropriate safeguards to protect PHI
- Obligates Greein to report breaches of unsecured PHI to you within 72 hours of discovery (a shorter window than the 60-calendar-day outer limit set by the HIPAA Breach Notification Rule)
- Ensures Greein's sub-processors are bound by equivalent HIPAA obligations
- Specifies data return or destruction procedures on termination
Our HIPAA Safeguards
Technical Safeguards
- AES-256 encryption at rest for all Protected Health Information (PHI) stored in our databases
- TLS 1.2+ encryption for all PHI in transit between clients, the Greein platform, and third-party integrations
- Automatic session timeout after 30 minutes of inactivity
- Role-based access control — staff access is limited to the minimum necessary to perform their function
- Audit logs for every access, modification, or deletion of records containing PHI
Administrative Safeguards
- Designated HIPAA Privacy Officer responsible for policy compliance
- All Greein employees with PHI access undergo annual HIPAA training
- Background checks conducted for all personnel handling PHI
- Business Associate Agreements (BAAs) in place with all sub-processors handling PHI
- Documented incident response and breach notification procedures: affected Covered Entities are notified within 72 hours of discovery, so that they can meet their own obligations under the HIPAA Breach Notification Rule to notify affected individuals and HHS (no later than 60 calendar days after discovery for breaches affecting 500 or more individuals; smaller breaches are logged and reported to HHS annually). Notification to HHS and to individuals remains the Covered Entity's responsibility, not Greein's.
Physical Safeguards
- All PHI is hosted in AWS ap-south-1 (Mumbai) and AWS us-east-1 (Virginia) data centres, both of which hold SOC 2 Type II and ISO 27001 certifications. Those certifications cover the physical and infrastructure controls operated by AWS; the application-layer safeguards listed in this notice are operated by Greein under the AWS shared responsibility model.
- No PHI is stored on portable devices or printed without explicit authorisation
- Greein office facilities are access-controlled — only authorised personnel may enter areas where PHI is processed
Patient Rights Under HIPAA
Right to Access
Patients may request a copy of their health information held by a covered entity using Greein.
Right to Amend
Patients may request corrections to inaccurate health information.
Right to an Accounting of Disclosures
Patients may request a record of when and to whom their PHI was disclosed.
Right to Request Restrictions
Patients may ask covered entities to restrict certain uses or disclosures of their PHI.
Right to Confidential Communications
Patients may request that communications be delivered through alternative means or to an alternative location.
Right to a Paper Copy
Patients may request a paper copy of the covered entity's Notice of Privacy Practices.
HIPAA Contact
For all HIPAA-related enquiries, BAA requests, breach notifications, or patient rights requests, contact our Privacy Officer. Patient rights requests received directly from individuals will be referred to the relevant Covered Entity, as HIPAA places those obligations on the Covered Entity.
Email: [email protected]
Address: Greein Technologies Pvt. Ltd., 4th Floor, Baner Tech Park, Pune — 411045, India
Response time: Within 5 business days for general enquiries; within 72 hours for breach notifications.