HIPAA
See how LabPreCheck handles HIPAA-regulated workflows for practices and labs.
HIPAA Operating Model
LabPreCheck keeps the real workflow inside the product and limits PHI exposure in secondary channels.
LabPreCheck is operated to support HIPAA-regulated practice-to-lab workflows. That includes the secure handling of case records, uploads, notes, structured case data, and related workflow activity inside the LabPreCheck application.
The service is designed so the case itself remains central. Practices and labs work inside the authenticated platform, while secondary channels stay limited and PHI-free wherever possible.
LabPreCheck is used by workforce members of practices and labs, not by patients.
The live case record stays inside the authenticated application rather than moving into side channels.
Protected health information is handled through contracted service providers, safeguards, and written obligations that support HIPAA-regulated use of the service.
What Stays Inside LabPreCheck
PHI stays inside the authenticated service and approved supporting systems.
For both practices and labs, the intended system of record for the submission workflow is the authenticated LabPreCheck application. The platform is designed so clinical materials and case activity live there, where access control, logging, and security measures can be applied consistently.
Structured case fields, files, workflow activity, and related operational records inside authenticated LabPreCheck workspaces.
Support systems and service-provider environments that are allowed to process PHI on LabPreCheck’s behalf under written agreements and applicable safeguards.
Authorized workforce access by practice and lab users according to workspace membership, role, and operational need.
What Stays Out Of Public And Secondary Channels
Public routes and routine notifications stay PHI-free and push real work back into the product.
LabPreCheck does not treat public pages, general support forms, or routine notification channels as places to put patient or case detail. Those channels should remain limited and should route users back into the authenticated service when real case work is needed.
This matters equally for practices and labs. The platform is designed to reduce the spread of PHI into side channels that are harder to control and audit.
Public marketing pages, help pages, and public forms.
Email subject lines, routine notifications, browser push previews, and public links.
Payment, analytics, mapping, and similar non-PHI channels except where a provider is expressly used under the applicable legal and operational framework.
Safeguards And Service Providers
HIPAA support depends on safeguards, service-provider controls, and disciplined product boundaries.
LabPreCheck maintains safeguards and service-provider controls designed to support HIPAA-regulated use of the service. That includes internal access restrictions, secure infrastructure, incident procedures, and written obligations for service providers that support the service.
This page does not list every internal control or contract term. It summarizes the operating posture that practices and labs can expect when using LabPreCheck for regulated workflows.
Role-based access and workspace separation for practices and labs.
Administrative, technical, and physical safeguards for PHI and electronic PHI.
Monitoring, logging, incident response, and contractual controls for service providers involved in HIPAA-regulated operations.
Questions And Legal Review
Use the contact path for security and legal review, and use the legal package together.
If you need procurement, privacy, security, or legal review support, use Contact. Practices and labs that need a manual legal exception or negotiated paper agreement should use that route as well.
For the contract terms that govern use of the service, see Terms. For the incorporated PHI agreement, see the Business Associate Addendum. For data-handling details, see Privacy.