OrbCare Inc. is committed to and has implemented many safeguards to ensure its devices, services, websites and data systems (collectively “Products”) are compliant with the regulations and conditions set forth in the Health Insurance Portability and Availability Act (HIPAA). OrbCare Inc. is committed to the continuous improvement to ensure our Products incorporate state-of-the-art information technology privacy and security measures.

As a “Business Associate” per the definition in the HIPAA Act, and by assignment of the HIPAA covered entity,OrbCare Inc. is subject to the following controls:

Administrative Safeguards (HIPAA 164.308). OrbCare Inc. has implemented policies to ensure appropriate assignment of data access permissions and proper movement and handling of that data. HIPAA training is an annual mandated event for all staff, as well as annual review of policy effectiveness during internal or 3rd party auditing of our Products.

Physical Safeguards (HIPAA 164.310). The primary physical safeguard for OrbCare Inc. is to not retain sensitive data in any public or private OrbCare Inc. location other than those assigned for database management and quality assurance activities. Specific workstation usage, disposal, reuse and security measures are in place. Access toOrbCare Inc. facilities are all independently controlled via key access preventing walk-up intrusion. OrbCare Inc. data centre uses a cloud-based architecture with inherent security measures including 24 hours monitoring, advanced fire protection systems, uninterruptible power and database redundancy. Annual audit of the facility security plan, disaster recovery plan, and contingency plans are in place.

Technical Safeguards (HIPAA 164.312). To further protect sensitive data, OrbCare Inc. enforces unique software architecture that includes user identifications, various database audit logging, data integrity systems and verified backups, entity authentication programs, digital certificates, various levels of encryption and other custom architecture to further obscure sensitive data from threats.