
HIPAA Compliance

Last updated: January 2026

Technical safeguards

Encryption in transit and at rest, role-based access controls, audit logging, and session management designed to protect electronic protected health information (ePHI).

Administrative safeguards

Documented security policies, workforce training on PHI handling, designated privacy and security officers, and periodic risk assessments.

Physical safeguards

Our infrastructure runs on hosting providers that maintain physical access controls, environmental safeguards, and secure data center practices.

Access controls

Patient data is only visible to the patient and the healthcare providers, pharmacies, and administrators directly involved in that patient's care.

1. Our Commitment

Kycura is designed to support the privacy and security principles of the Health Insurance Portability and Accountability Act (HIPAA). While Kycura primarily operates across West African markets under local data protection frameworks, we have aligned our security program with HIPAA's Privacy, Security, and Breach Notification Rules because they represent a widely recognized standard for handling protected health information (PHI).

2. Protected Health Information (PHI)

PHI on Kycura includes information such as medical history, consultation notes, prescriptions, lab uploads, and any data that can identify a patient in connection with their health. Access to PHI is restricted to the patient, their treating providers, pharmacy staff fulfilling their prescriptions, and administrators who require it to operate the platform.

3. Business Associate Agreements (BAAs)

Where Kycura engages third-party service providers that may process PHI on our behalf (such as cloud hosting, video consultation, or messaging infrastructure), we work with those providers to ensure appropriate data protection terms are in place, consistent with the spirit of HIPAA Business Associate Agreements.

4. Patient Rights

Patients can access their own medical records, consultation history, and prescriptions through the Patient Portal at any time. Requests to correct or export personal health information can be made through your account settings or by contacting our support team.

5. Breach Notification

In the event of a security incident affecting PHI, we will investigate promptly, take steps to contain and remediate the issue, and notify affected users and, where required, regulators — in line with applicable breach notification timelines.

6. Workforce Training & Access Reviews

Employees and contractors with access to PHI receive privacy and security training, and access permissions are reviewed periodically to ensure they remain limited to what is necessary for each role.

7. Questions or Concerns

If you have questions about how Kycura protects health information, or wish to report a concern, please contact our Privacy Officer at privacy@kycura.com.