Nutrium's approach to HIPAA compliance


Learn what Nutrium is doing toward HIPAA compliance and why you can trust your and your clients' data with us.

Ensuring high compliance with data protection standards and legislation has always been one of our top priorities. Ever since the very inception of Nutrium, we were well aware of the vital role that security and management of health data would play in the overall success of our mission.

That being said, we’re happy to share with our American clients that we’ve finished implementing the first group of measures and policies towards HIPAA compliance.

Compliance of any kind is a continuous and never-ending process. Still, this milestone is of the utmost importance as it will allow us to provide you with a better, safer service while also relieving you of some of the burdens of complying with HIPAA yourself.

Being compliant with HIPAA will allow you, in the same way, to provide safer and higher quality services to your patients as well as to avoid steep financial penalties.

What is HIPAA compliance?

HIPAA, the Health Insurance Portability and Accountability Act of 1996, is an American law that aims to regulate and safeguard the management and processing of Protected Health Information (PHI) by enforcing, for instance, standards for electronic transactions in healthcare.

It grants certain rights to patients, such as the right to access their PHI. It also imposes obligations on healthcare providers and other entities, such as implementing administrative and technical safeguards, to name just a few.

In case you’re wondering what PHI is, here is a hint: personally identifiable data (name, email, phone, etc.) combined with some type of health-related data (medication, diagnosis, provider name, and others) can lead to a patient’s identification, and that combination is PHI.

Protecting PHI means protecting the privacy of patients, hence its importance and the central role it plays under this legislation.

The role of Nutrition professionals and Nutrium

HIPAA tries to streamline classifications in this universe of parties handling protected health information by dividing them into two broad categories: Covered Entities and Business Associates.

Generally speaking, Business Associates are entities that provide services to Covered Entities. In doing so, Business Associates come into contact with electronic protected health information (ePHI). Because of this access to ePHI, Business Associates are required to sign what’s called a Business Associate Agreement (BAA).

Healthium, the company behind Nutrium, is considered under HIPAA to be a Business Associate.

In turn, Covered Entities are classified into three groups: health plans, health care clearinghouses, and health care providers. So, for example, some of our clients might fall under the category of Health Care Providers (you can visit the U.S. Department of Health and Human Services (HHS) webpage for help).

That being the case, the use of Nutrium by Covered Entities must be regulated by a Business Associate Agreement that properly defines and distributes the rights and obligations of the parties that process ePHI.

This document, which we now provide, automatically takes effect for all Covered Entities that use Nutrium.

Check here the terms of the HIPAA Business Associate Agreement (BAA).

Security and Privacy Officers

Nutrium has also appointed a Security Officer and a Privacy Officer.

They will be responsible for assisting the company with its compliance and security efforts, staff training, and implementing and maintaining all policies and HIPAA-related documents.

You can reach them if you have any questions at


As counterintuitive as it might seem, dealing with ePHI is all about transparency.

Ensuring that our clients have a real insight into the procedures and policies that we follow is pivotal to a healthy business relationship and our platform's success.

Opening up to the general public will help us build up and improve our current mechanisms and processes, allowing us to proactively address information security, mitigate risk, and ensure that any breach of ePHI is addressed and communicated promptly.

With this in mind, we’re making public all our policies and inviting all our clients to pitch in with any questions or suggestions they might have regarding them, to ensure HIPAA compliance.

Check here our HIPAA Public Documents and Policies.