HIPAA Privacy Notice
Protection of Your Protected Health Information (PHI)
Our Commitment to PHI Protection
StreamCase is committed to protecting the privacy and security of Protected Health Information (PHI) that medical expert witnesses and their staff process for legal cases. We comply with the Health Insurance Portability and Accountability Act (HIPAA) and all applicable state and federal regulations as business associates handling PHI on behalf of covered entities.
Last Updated: July 22, 2025
What PHI Do We Handle?
As a business associate serving medical expert witnesses, we securely process PHI received from attorneys and covered entities for legal case analysis. This includes:
- Medical records and reports provided for expert review
- Patient identifiers within legal case documents
- Diagnostic imaging and radiological studies
- Operative reports and procedure documentation
- Treatment notes and medical histories
- Any health information contained in legal case materials
How We Use and Process PHI
As a business associate, we use PHI solely for authorized legal services on behalf of medical expert witnesses:
Legal Case Analysis
Processing medical records for expert witness review and opinion development in litigation matters.
Expert Report Preparation
Organizing and categorizing PHI to support expert medical testimony and written opinions.
Security Safeguards
We implement comprehensive security measures to protect your PHI:
Encryption
All PHI is encrypted in transit and at rest using industry-standard algorithms.
Access Controls
Multi-factor authentication and role-based access control systems.
Audit Logging
Comprehensive logging of all PHI access and system activities.
Business Associate Responsibilities & Individual Rights
As a HIPAA business associate, we maintain strict protocols while supporting individual privacy rights:
Our Obligations
- Process PHI only as directed by covered entities
- Maintain comprehensive security safeguards
- Report breaches within required timeframes
- Provide audit trails and compliance documentation
- Ensure subcontractor BAA compliance
Individual Rights Support
- Assist covered entities with access requests
- Support amendment and restriction requests
- Provide PHI accounting when required
- Forward complaints to appropriate covered entity
- Cooperate with privacy right fulfillment
Data Retention and Disposal
- Retention Period: We retain PHI for a minimum of 6 years as required by HIPAA, or longer as required by applicable law.
- Secure Disposal: When PHI is no longer needed, it is securely destroyed using industry-standard methods.
- Data Recovery: We maintain secure backup systems with 72-hour recovery capabilities.
Breach Notification
In the unlikely event of a breach involving your PHI:
- We will notify affected individuals within 60 days
- We will report the breach to the Department of Health and Human Services
- We will take immediate steps to mitigate any harm and prevent future breaches
Contact Information
Privacy Officer
privacy@streamcase.com
(555) 123-4567
(555) 123-4568
HHS Office for Civil Rights
File a Complaint Online
1-800-368-1019
Important Information
Compliance Standards
- HIPAA Privacy Rule
- HIPAA Security Rule (2025)
- HITECH Act
- State Privacy Laws
Encryption Standard
- AES-256 Encryption
Questions About This Notice?
Contact our Privacy Officer for clarification on any aspect of this notice.
Contact Privacy OfficerProfessional User Agreement
By using the StreamCase platform as a medical expert witness or support staff member, you acknowledge that:
- You have read and understand this HIPAA Business Associate Privacy Notice
- You will only process PHI received through legitimate legal channels
- You understand our security safeguards and your responsibilities
- You will maintain the confidentiality of all PHI in accordance with HIPAA requirements
- You will report any suspected breaches or security incidents immediately