Luma HIPAA Compliance Policies

Luma helps relieve the challenges of patient communication and engagement with our HIPAA-compliant messaging platform for healthcare.

HIPAA compliance really has two halves. The first half includes all technical guidelines, both physical and digital. Compliant companies take measures to secure their hardware and manage their software in a certain way. Encryption, logging, monitoring—these are just a few examples of HIPAA technical requirements. Luma builds its platform with these guidelines in mind.

The second half of HIPAA is focused on administrative and organizational activities. This includes signing Business Associate Agreements (BAAs), managing company policies like training, among other things. Crafting company policies that align with HIPAA administrative guidelines are straightforward, but an immense burden.

Policy Index

• Introduction
• HIPAA Inheritance
• Policy Management Policy
• Risk Management Policy
• Roles Policy
• Data Management Policy
• System Access Policy
• Auditing Policy
• Configuration Management Policy
• Facility Access Policy
• Incident Response Policy
• Breach Policy
• Disaster Recovery Policy
• Disposable Media Policy
• IDS Policy
• Vulnerability Scanning Policy
• Data Integrity Policy
• Data Retention Policy
• Employees Policy
• Approved Tools Policy
• 3rd Party Policy
• Key Definitions
• Luma HIPAA Business Associate Agreement (“BAA”)