Contact Us
ServicesInsightsIndustriesAboutContact Us

HIPAA Notice

Last Updated: June 2026

Overview

Metro Relay provides managed IT, cybersecurity, cloud, and infrastructure services to healthcare organizations, clinical laboratories, and other entities that handle protected health information (PHI). This notice describes how Metro Relay approaches the Health Insurance Portability and Accountability Act (HIPAA) and the safeguards we apply when our services involve access to PHI.

Our Role Under HIPAA

Metro Relay LLC generally acts as a Business Associate under HIPAA — not a covered entity. When we create, receive, maintain, or transmit PHI on behalf of a covered entity or another business associate, we do so under a written Business Associate Agreement (BAA).

Business Associate Agreements

Metro Relay will enter into a Business Associate Agreement with each client whose services involve PHI. The BAA governs the permitted uses and disclosures of PHI, the safeguards we maintain, breach-notification obligations, and the return or destruction of PHI at the end of an engagement.

Safeguards We Maintain

Consistent with the HIPAA Security Rule, we apply administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of PHI, including:

  • Access controls, unique user identification, and least-privilege permissions
  • Encryption of data in transit and at rest where appropriate
  • Audit logging, monitoring, and security event review
  • Workforce security training and confidentiality obligations
  • Endpoint protection, patching, and vulnerability management
  • Backup, business continuity, and disaster-recovery practices

Permitted Uses and Disclosures

Metro Relay uses and discloses PHI only as permitted by the applicable Business Associate Agreement and by law — typically to perform the services requested by the client. We do not sell PHI, and we do not use PHI for marketing.

Subcontractors

Where we engage subcontractors that may handle PHI on our behalf, we require them to agree in writing to safeguards at least as protective as those in our own agreements.

Breach Notification

If Metro Relay discovers a breach of unsecured PHI, we will notify the affected client without unreasonable delay and in accordance with the timelines and requirements of the applicable Business Associate Agreement and HIPAA.

Individual Rights

HIPAA grants individuals certain rights regarding their PHI — including access, amendment, and an accounting of disclosures. Because Metro Relay typically acts as a business associate, these requests are generally directed to the covered entity (your healthcare provider or health plan), and we support our clients in responding as required by the BAA.

Questions and Contact

For questions about this notice or our HIPAA practices, or to request a Business Associate Agreement, contact:

Metro Relay LLC
Phone: 945-945-0777
Email: privacy@metrorelay.com

This notice is provided for informational purposes only and does not constitute legal advice.