QUASAR Nexus
QUASAR Nexus

HIPAA Compliance Notice

Last Updated: March 2026

Our Commitment

QUASAR Nexus LLC (“QUASAR Nexus,” “we,” “us”) is committed to protecting the privacy and security of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and all applicable federal and state regulations.

As a developer of healthcare technology platforms, QUASAR Nexus operates as a Business Associate under HIPAA when our products process, store, or transmit PHI on behalf of healthcare providers and their patients.

Platforms That Handle PHI

The following QUASAR Nexus platforms may process Protected Health Information:

  • Clarity Health (clarity.quasar.nexus) — Patient-facing medical record understanding and health summary generation
  • Atlas Health (atlas.quasar.nexus) — Provider-facing clinical decision support

Each platform maintains its own product-specific privacy policy detailing the particular types of data collected and how it is used within that product.

Technical Safeguards

  • Encryption in Transit: All data transmitted between users and our platforms is encrypted using TLS 1.2 or higher.
  • Encryption at Rest: All stored data, including any PHI, is encrypted at rest using AES-256 encryption.
  • Access Controls: Role-based access controls restrict PHI access to authorized personnel and systems only.
  • Audit Logging: All access to PHI is logged and auditable, including who accessed what data and when.
  • Authentication: Multi-factor authentication is available for all user accounts. Session management follows industry best practices.

Administrative Safeguards

  • Privacy Officer: QUASAR Nexus has a designated privacy and security officer responsible for HIPAA compliance oversight.
  • Risk Assessments: We conduct periodic risk assessments to identify and address potential vulnerabilities in our systems and processes.
  • Workforce Training: All personnel with access to PHI receive HIPAA awareness and security training.
  • Policies and Procedures: We maintain written policies and procedures governing the use, disclosure, and protection of PHI.
  • Incident Response: We maintain an incident response plan for identifying, containing, and remediating security events.

Physical Safeguards

  • Cloud Infrastructure: Our platforms are hosted on cloud infrastructure providers that maintain SOC 2 Type II compliance and sign Business Associate Agreements.
  • Data Center Security: Physical access to servers and data centers is managed by our infrastructure providers and subject to their independently audited security controls.

Business Associate Agreements

When QUASAR Nexus processes PHI on behalf of a Covered Entity (such as a healthcare provider or health plan), we enter into a Business Associate Agreement (BAA) that defines the permitted uses and disclosures of PHI, our obligations to safeguard it, and breach notification requirements.

We also require BAAs from any subcontractors or third-party service providers who may have access to PHI through our platforms.

Breach Notification

In the event of a breach of unsecured PHI, QUASAR Nexus will:

  • Notify affected Covered Entities without unreasonable delay and no later than 60 days from discovery of the breach.
  • Provide all information required under 45 CFR § 164.410, including the nature of the PHI involved, steps individuals should take to protect themselves, and what QUASAR Nexus is doing to investigate and mitigate the breach.
  • Cooperate with Covered Entities in their notification obligations to affected individuals and the U.S. Department of Health and Human Services (HHS).

Your Rights

If you are a patient whose PHI is processed by a QUASAR Nexus platform, your rights under HIPAA — including the right to access, amend, and receive an accounting of disclosures of your PHI — are administered by the Covered Entity (your healthcare provider) that maintains your health records. You may also contact us directly with questions about how our platforms handle your information.

Minimum Necessary Standard

QUASAR Nexus adheres to the HIPAA Minimum Necessary Standard. Our platforms are designed to access, use, and disclose only the minimum amount of PHI necessary to accomplish the intended purpose of each function.

No Sale of PHI

QUASAR Nexus does not sell Protected Health Information under any circumstances.

Contact

For questions about our HIPAA compliance practices, to report a security concern, or to request a Business Associate Agreement:

Emailprivacy@quasar.nexus
MailQUASAR Nexus LLC, 254 Chapman Rd Ste 209, Newark, DE, US
Back to Home