Narzim
New: AI Medical Scribe now available for healthcare organizations.
Narzim

Remedy Sys LLC

Av. Insurgentes Sur 1602, Mexico City, MX · Austin, TX, USA
privacy@narzim.com · +1 (800) 664 9073

Effective: June 25, 2026
Version 2.0

HIPAA Compliance Statement

To our customers, partners, and the patients they serve:

Remedy Sys LLC (“Narzim”) is committed to protecting the privacy and security of Protected Health Information (“PHI”). As a provider of healthcare software that acts as a Business Associate to covered entities, Narzim maintains an information security program designed to meet the applicable requirements of the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and their implementing regulations, including the Privacy, Security, and Breach Notification Rules.

1. Our commitment

Safeguarding PHI is foundational to how we build and operate our platform. We apply administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of the electronic PHI (ePHI) we create, receive, maintain, or transmit on behalf of our customers.

2. Business Associate Agreements

Narzim enters into a Business Associate Agreement (BAA) with every covered entity and contractor for whom we process PHI. Our BAA sets out the permitted uses and disclosures of PHI, our safeguarding obligations, and our breach-notification responsibilities. A copy of our standard BAA is available on request.

3. Administrative safeguards

  • A designated Security Officer and Privacy Officer who oversee our compliance program
  • Documented policies and procedures, reviewed and updated regularly
  • Workforce HIPAA and security awareness training at onboarding and annually
  • Role-based access on a least-privilege, need-to-know basis
  • Vendor and sub-processor risk assessments and oversight

4. Physical safeguards

Narzim is hosted with leading cloud infrastructure providers whose data centers maintain robust physical security controls, including restricted facility access, monitoring, and environmental protections. Narzim personnel have no physical access to these facilities.

5. Technical safeguards

  • Encryption of PHI at rest (AES-256) and in transit (TLS 1.2+)
  • Unique user identification, authentication, and multi-factor authentication
  • Automatic logoff and session controls
  • Comprehensive audit logging of access to ePHI
  • Continuous monitoring, vulnerability management, and regular testing

6. Breach notification

Narzim maintains a documented incident-response plan. In the event of a breach of unsecured PHI, we will notify the affected covered entity without unreasonable delay and in accordance with the timelines and requirements of the HIPAA Breach Notification Rule and our BAA.

7. Individual rights

We support our customers in fulfilling individuals’ rights under HIPAA — including access, amendment, accounting of disclosures, and restriction requests — by providing the tools and records needed to respond to such requests in a timely manner.

8. Ongoing compliance

Our security program is assessed on an ongoing basis, including independent SOC 2 Type II examination. We continually review and improve our controls as regulations, threats, and our platform evolve.

For questions about this statement, to request our BAA, or to contact our Privacy Officer, please email privacy@narzim.com.

Narzim Privacy & Security Office

Remedy Sys LLC

This statement is provided for informational purposes and does not constitute legal advice or a warranty. HIPAA obligations differ between covered entities and business associates; please consult your BAA and counsel for specifics.