Regulatory Compliance

Last updated: December 2024

S2Y, LLC is committed to maintaining the highest standards of regulatory compliance for medical and health information across all jurisdictions where we operate. We understand the critical importance of protecting health data and adhering to applicable regulations in the healthcare technology sector.

United States Compliance

HIPAA (Health Insurance Portability and Accountability Act)

S2Y, LLC maintains strict compliance with HIPAA regulations to safeguard protected health information (PHI). Our systems and processes include:

  • Comprehensive administrative, physical, and technical safeguards
  • Regular risk assessments and security audits
  • Employee training on HIPAA compliance requirements
  • Business Associate Agreements (BAAs) with all relevant partners
  • Incident response procedures for potential breaches

FDA (Food and Drug Administration)

Our medical-grade HOCl products and health technology solutions comply with FDA requirements:

  • Quality Management System (QMS) implementation
  • Medical device regulations where applicable
  • Software as a Medical Device (SaMD) compliance
  • Good Manufacturing Practice (GMP) standards

FTC (Federal Trade Commission)

We adhere to FTC guidelines for health claims and consumer protection:

  • Truthful and non-misleading health product claims
  • Substantiation of all medical and health benefits
  • Clear and prominent disclosure of material terms

Canadian Compliance

PIPEDA (Personal Information Protection and Electronic Documents Act)

S2Y, LLC complies with Canadian privacy laws for personal health information:

  • Consent-based collection and use of personal information
  • Limiting collection to necessary purposes
  • Safeguarding personal information with appropriate security measures
  • Transparency in privacy practices and policies

Health Canada Regulations

Our products and services meet Health Canada requirements:

  • Medical device licensing where applicable
  • Natural health product regulations compliance
  • Quality assurance and safety standards

European Union Compliance

GDPR (General Data Protection Regulation)

We maintain full GDPR compliance for EU residents:

  • Lawful basis for processing personal data
  • Data minimization and purpose limitation
  • Individual rights including access, rectification, and erasure
  • Data Protection Impact Assessments (DPIAs)
  • Appointment of Data Protection Officer (DPO)
  • Privacy by design and by default

Medical Device Regulation (MDR)

Our medical products comply with EU MDR requirements:

  • CE marking for applicable medical devices
  • Post-market surveillance systems
  • Clinical evaluation and evidence requirements
  • Unique Device Identification (UDI) system

Information Security Framework

S2Y, LLC implements comprehensive security measures across all operations:

Technical Safeguards

  • End-to-end encryption for all health data transmission
  • Multi-factor authentication for system access
  • Regular security testing and vulnerability assessments
  • Secure cloud infrastructure with industry-leading providers
  • Automated backup and disaster recovery systems

Administrative Controls

  • Information security policies and procedures
  • Role-based access controls
  • Regular employee security training
  • Third-party security assessments
  • Incident response and breach notification procedures

Physical Security

  • Restricted access to facilities and equipment
  • Environmental controls for data centers
  • Secure disposal of physical media
  • Surveillance and monitoring systems

Quality Management

S2Y, LLC maintains ISO-compliant quality management systems:

  • ISO 13485 for medical device quality management
  • ISO 27001 for information security management
  • ISO 14971 for medical device risk management
  • Continuous improvement processes
  • Regular internal and external audits

Ongoing Compliance Monitoring

We maintain ongoing compliance through:

  • Regular regulatory updates and legal reviews
  • Compliance training for all employees
  • Third-party compliance assessments
  • Continuous monitoring of regulatory changes
  • Engagement with legal and regulatory experts

Transparency and Reporting

S2Y, LLC is committed to transparency in our compliance efforts:

  • Regular compliance reports to stakeholders
  • Public disclosure of security incidents when required
  • Cooperation with regulatory authorities
  • Clear communication of privacy practices to users

Contact Information

For compliance-related inquiries or to report concerns:

Compliance Officer
Email: compliance@s2y.us
Phone: +1 678-792-8330

Data Protection Officer (EU)
Email: dpo@s2y.us

S2Y, LLC
1515 Route 22 West STE 30 #1099
Watchung, NJ 07069
United States

This compliance statement is reviewed and updated regularly to reflect current regulatory requirements and best practices. For the most current version, please visit our website or contact our compliance team.