Privacy Policy

HIPAA-Compliant Privacy Practices

1. Information We Collect

Layera collects the following categories of information to provide our healthcare compliance management services:

  • Account Information: Name, email address, agency name, agency type, and state of operation.
  • Protected Health Information (PHI): Employee names in training records, compliance documents, and any information shared through the AI compliance agent.
  • Usage Data: Audit logs of platform access and actions for HIPAA compliance.
  • Technical Data: IP addresses and user agents for security monitoring.

2. How We Protect Your Data (HIPAA Safeguards)

Administrative Safeguards

Role-based access controls, workforce training requirements, comprehensive audit logging of all PHI access, and incident response procedures.

Technical Safeguards

AES-256-GCM encryption for sensitive data at rest, TLS encryption in transit, automatic session timeouts (15-minute idle), account lockout after failed login attempts, strong password requirements, and comprehensive security headers (CSP, HSTS, X-Frame-Options).

Physical Safeguards

Secure hosting infrastructure with access controls, data backup procedures, and disaster recovery planning.

3. Data Retention

We retain your data as required by HIPAA (minimum 6 years for compliance records) and applicable state regulations. Audit logs are retained for a minimum of 6 years. You may request data export or deletion subject to legal retention requirements.

4. Your Rights

  • Right to access your personal data and PHI
  • Right to request correction of inaccurate data
  • Right to request deletion (subject to retention requirements)
  • Right to data portability (export your data)
  • Right to withdraw consent for optional data processing
  • Right to receive breach notification within 60 days
  • Right to file a complaint with HHS Office for Civil Rights

5. Breach Notification

In the event of a breach of unsecured PHI, we will notify affected individuals within 60 days of discovery, as required by the HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D). We will also notify the HHS Secretary and, if applicable, the media.

6. State-Specific Requirements

In addition to federal HIPAA requirements, we comply with state-specific healthcare privacy laws including the Texas Medical Records Privacy Act (TMRPA), Texas Health and Safety Code Chapter 181, and any other applicable state regulations based on your agency's operating state.

7. Contact Information

For privacy concerns, data requests, or to report a security incident, contact our HIPAA Privacy Officer at privacy@complianceai.com.

Last updated: February 2026

This Privacy Policy is reviewed and updated annually or as required by regulatory changes.