Back to Clarity

HIPAA Compliance Notice

This notice explains how Clarity Health is designed to safeguard Protected Health Information when it is processed on behalf of healthcare providers and their patients.

Effective date: March 14, 2026

Last updated: March 14, 2026

Our Commitment

QUASAR Nexus LLC ("QUASAR Nexus," "we," "us") is committed to protecting the privacy and security of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and all applicable federal and state regulations.

As the developer of Clarity Health, QUASAR Nexus LLC operates as a Business Associate under HIPAA when Clarity Health processes, stores, or transmits PHI on behalf of healthcare providers and their patients.

Clarity Health Features That May Handle PHI

The following Clarity Health capabilities may process Protected Health Information:

  • Document uploads and storage, including PDFs, images, notes, and other records you choose to add to the product.
  • AI-assisted organization, search, and summary workflows that analyze records on your behalf.

Product-Specific Privacy Practices

Clarity Health maintains its own Privacy Policy describing the types of data collected through the product and how that information is used within the service.

Technical Safeguards

  • Encryption in Transit: All data transmitted between users and Clarity Health is encrypted using TLS 1.2 or higher.
  • Encryption at Rest: All stored data, including any PHI, is encrypted at rest using AES-256 encryption.
  • Access Controls: Role-based access controls restrict PHI access to authorized personnel and systems only.
  • Audit Logging: All access to PHI is logged and auditable, including who accessed what data and when.
  • Authentication: Multi-factor authentication is available for all user accounts. Session management follows industry best practices.

Administrative Safeguards

  • Privacy Officer: QUASAR Nexus LLC has a designated privacy and security officer responsible for HIPAA compliance oversight.
  • Risk Assessments: We conduct periodic risk assessments to identify and address potential vulnerabilities in our systems and processes.
  • Workforce Training: All personnel with access to PHI receive HIPAA awareness and security training.
  • Policies and Procedures: We maintain written policies and procedures governing the use, disclosure, and protection of PHI.
  • Incident Response: We maintain an incident response plan for identifying, containing, and remediating security events.

Physical Safeguards

  • Cloud Infrastructure: Clarity Health is hosted on cloud infrastructure providers that maintain SOC 2 Type II compliance and sign Business Associate Agreements.
  • Data Center Security: Physical access to servers and data centers is managed by our infrastructure providers and subject to their independently audited security controls.

Business Associate Agreements

When QUASAR Nexus LLC processes PHI through Clarity Health on behalf of a Covered Entity, such as a healthcare provider or health plan, we enter into a Business Associate Agreement (BAA) that defines the permitted uses and disclosures of PHI, our obligations to safeguard it, and breach-notification requirements.

We also require BAAs from any subcontractors or third-party service providers who may have access to PHI through Clarity Health.

Breach Notification

In the event of a breach of unsecured PHI, QUASAR Nexus LLC will:

  • Notify affected Covered Entities without unreasonable delay and no later than 60 days from discovery of the breach.
  • Provide all information required under 45 CFR Section 164.410, including the nature of the PHI involved, steps individuals should take to protect themselves, and what QUASAR Nexus is doing to investigate and mitigate the breach.
  • Cooperate with Covered Entities in their notification obligations to affected individuals and the U.S. Department of Health and Human Services (HHS).

Your Rights

If you are a patient whose PHI is processed by Clarity Health, your rights under HIPAA, including the right to access, amend, and receive an accounting of disclosures of your PHI, are generally administered by the Covered Entity (your healthcare provider) that maintains your health records. You may also contact us directly with questions about how Clarity Health handles your information.

Minimum Necessary Standard

QUASAR Nexus adheres to the HIPAA Minimum Necessary Standard. Clarity Health is designed to access, use, and disclose only the minimum amount of PHI necessary to accomplish the intended purpose of each function.

No Sale of PHI

QUASAR Nexus does not sell Protected Health Information under any circumstances.

Contact

For questions about Clarity Health's HIPAA practices, to report a security concern, or to request a Business Associate Agreement:

Emailprivacy@quasar.nexus
MailQUASAR Nexus LLC, 254 Chapman Rd Ste 209, Newark, DE, US