Compliance

HIPAA Positioning Statement

Lumina does not receive, store, or process Protected Health Information.

Protocol | Operational Architecture, LLC  ·  Effective Date: July 1, 2025  ·  Last Updated: July 1, 2025

No PHI Received or Stored
AES-256 Encryption at Rest & Transit
Anonymized Geo-Data Only
De-identification Maintained by End User
Plain English Summary

Lumina is a geocoding and routing tool. It works with anonymized addresses and internal reference codes — not names, diagnoses, or any information that could identify a patient. Because no Protected Health Information enters our platform, Lumina does not trigger HIPAA Business Associate obligations and no Business Associate Agreement is required for standard use.

01

What Lumina Does and Does Not Receive

Lumina is a geographic proximity and route optimization platform. It accepts address data paired with internal reference codes supplied by your organization and uses that data to calculate proximity matches and drive times. That is the full extent of what Lumina ingests.

Lumina receives:

  • Street addresses (staff locations and client service locations)
  • Internal reference codes assigned by your organization (e.g. "Staff-04," "Client-11")
  • No names, no diagnoses, no treatment records, no insurance data, no dates of service

Lumina never receives:

  • Client names or staff names linked to uploaded addresses
  • Any of the 18 HIPAA identifiers that, when combined with health information, constitute PHI
  • Clinical, diagnostic, or billing records of any kind

The mapping between reference codes and real individuals is maintained exclusively within your organization. That internal record never leaves your systems.

02

How the De-identification Model Works

Before any data reaches Lumina, your team prepares it using your organization's in-house template. The process is designed so that all identifying information is stripped at your end before upload:

Step 1
Your Organization
Assigns internal reference codes to staff and clients. Maintains the code-to-person mapping internally. Never shares this mapping with Lumina.
Step 2
Your Template
Populates the in-house upload template with addresses and codes only — no names or identifiers. Your organization retains the completed template.
Step 3
Lumina
Receives addresses and codes. Calculates proximity and routes. Returns geographic results keyed to your codes. No PHI ever enters the platform.

This model mirrors how other widely-used routing and logistics platforms operate — the geographic data is functional, not personal. Lumina is agnostic to who the codes represent.

03

Why a BAA Is Not Required

Under HIPAA, a Business Associate Agreement (BAA) is required when a vendor receives, transmits, or maintains PHI on behalf of a Covered Entity. Because Lumina's data model is specifically designed so that no PHI enters the platform, the BAA requirement is not triggered.

An address alone, without any associated health information or identifying link, is not PHI under HIPAA. The 18 HIPAA Safe Harbor identifiers include geographic data only when it is more specific than a three-digit zip code and when it is associated with health information about an identifiable individual. In Lumina's model, addresses are uploaded without any health information linkage, making them non-PHI by design.

Your organization remains fully responsible for your own HIPAA compliance — including maintaining secure internal records that map codes to individuals, limiting internal access to that mapping, and ensuring your own data handling practices meet applicable requirements. Lumina's role is limited to processing the de-identified geographic data you provide.

04

Your Organization's Responsibilities

While Lumina is designed to operate entirely outside the scope of HIPAA, your organization as a Covered Entity retains all standard HIPAA obligations. In the context of using Lumina, this means:

  • De-identification is your responsibility. You must ensure that no PHI is included in any data submitted to Lumina. Using reference codes rather than client names or identifiers is how the platform is designed to be used.
  • Internal records stay internal. The mapping between your reference codes and individual clients or staff should be stored securely within your organization and never uploaded to Lumina.
  • Workforce awareness. Staff who prepare upload files should understand that identifying information must not be included in any Lumina submission.
  • Minimum necessary principle. Only the address and reference code necessary for proximity or routing calculation should be submitted — no additional context.

Protocol | Operational Architecture, LLC is not responsible for any PHI submitted to Lumina in violation of these terms. Submitting identifiable data to the platform constitutes a violation of your subscription agreement.

05

Our Security Practices

Although Lumina is not subject to the HIPAA Security Rule for the reasons described above, we maintain strong data security practices consistent with industry standards for platforms serving healthcare-adjacent organizations:

  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Role-based access controls for all internal systems
  • Regular security reviews conducted by Hackerware, LLC
  • Secure deletion of all uploaded data within 30 days of subscription termination
06

Changes to This Statement

We may update this HIPAA Positioning Statement to reflect changes in our platform, legal requirements, or regulatory guidance. Material changes will be communicated to active subscribers by email. The most current version will always be available at this URL.

This statement does not constitute legal advice. We recommend consulting your organization's HIPAA compliance officer or legal counsel if you have questions about your specific compliance obligations in connection with using Lumina.


Questions about compliance?

Protocol | Operational Architecture, LLC
Email: compliance@oparch.pro
Web: oparch.pro

For general privacy questions, see our Privacy Policy.