HIPAA Notice | New Level Consultants

🛡️ New Level Consultants takes healthcare privacy seriously. We are committed to protecting the confidentiality of any information shared with us during our consulting engagements.

Overview

New Level Consultants, LLC ("NLC") provides healthcare business consulting, compliance advisory, and operational services to covered entities and business associates as defined under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations (collectively, "HIPAA Rules").

This HIPAA Notice describes our policies regarding the handling of Protected Health Information ("PHI") in connection with our consulting services and this website.

Does This Website Collect PHI?

No. The nlcfirm.com website does not collect, process, or store Protected Health Information (PHI). Our website forms collect only business contact information (name, email, organization, industry) necessary to provide consulting services. These forms do not request and should not be used to submit patient health data, medical records, or other PHI.

Important: Please do not submit any patient names, diagnoses, social security numbers, insurance information, or other Protected Health Information through our website contact forms, chat, or email. For secure data sharing related to a consulting engagement, your NLC advisor will provide a secure transfer method.

NLC as a Business Associate

When NLC provides consulting services that involve access to, creation on behalf of, or use of PHI on behalf of a covered entity or another business associate, NLC functions as a Business Associate under HIPAA. In these circumstances:

A Business Associate Agreement (BAA) must be executed between your organization and NLC before any PHI is accessed or shared.
NLC agrees to use and disclose PHI only as permitted by the BAA and the HIPAA Privacy Rule.
NLC implements appropriate administrative, physical, and technical safeguards to protect PHI.
NLC reports any breaches of unsecured PHI in accordance with the HIPAA Breach Notification Rule.
NLC ensures that any subcontractors who access PHI on NLC's behalf also execute a BAA.

Need a Business Associate Agreement?

If your engagement with NLC involves access to PHI, a BAA is required before work commences. Our standard BAA template is available to all consulting clients at no additional cost.

Client Portal & Data Handling

The NLC Client Portal (available at /portal.html) provides access to purchased digital tools and assessments. The portal collects and stores only the information necessary to provision your account and deliver your purchased products. No PHI should be submitted through the portal.

Client Portal data is stored on secure servers with encryption in transit (TLS) and at rest. Access is restricted through authenticated sessions using industry-standard JWT tokens with expiration controls.

Your HIPAA Rights (Covered Entities)

If your organization is a covered entity subject to HIPAA, you retain full responsibility for your own HIPAA compliance obligations under the Privacy Rule, Security Rule, and Breach Notification Rule. NLC's consulting services are designed to support your compliance program, but engaging NLC does not transfer your compliance obligations to NLC.

Data Minimization Commitment

NLC is committed to the principle of data minimization — we collect only the minimum information necessary to deliver our services. We do not use health information for marketing purposes and do not sell health-related data under any circumstances.

Contact Our Compliance Team

For questions about this HIPAA Notice, to request a BAA, or to report a potential privacy concern:

New Level Consultants, LLC — Compliance Office
Email: info@nlcfirm.com
Website: nlcfirm.com

We aim to respond to all compliance inquiries within 2 business days.