Compliance (NDPR / HIPAA)
How Healy meets data protection and healthcare regulatory requirements
NDPR (Nigeria Data Protection Regulation)
Healy is designed with Nigerian Data Protection Regulation in mind. We process personal data lawfully, fairly, and transparently. Key practices include:
- Lawful basis for processing and consent where required
- Data minimization — we collect only what is necessary
- Purpose limitation — data is used only for stated purposes
- Storage limitation — retention policies aligned with NDPR
- Security measures — encryption, access controls, and monitoring
- Data subject rights — access, rectification, erasure, and portability
HIPAA (US Healthcare Compliance)
For clinics serving US patients or operating under HIPAA, Healy aligns with HIPAA principles:
- Business Associate Agreements (BAAs) with subprocessors
- Administrative, physical, and technical safeguards
- Protected Health Information (PHI) handling protocols
- Audit controls and breach notification procedures
Technical Safeguards
- End-to-end encryption for video consultations
- Encryption at rest for stored data
- Access controls and role-based permissions
- Audit logging for all sensitive data access
- Secure authentication and session management
Your Responsibilities
As a clinic or provider using Healy, you remain responsible for your clinical practice, patient consent, and compliance with local medical regulations. We provide the technology; you maintain the care standards. Contact us for compliance-specific questions or to request a data processing agreement.