HIPAA Compliance

We implement comprehensive administrative safeguards to ensure HIPAA compliance:

• Security Officer: Designated HIPAA Security Officer responsible for compliance oversight
• Workforce Training: All employees receive mandatory HIPAA training upon hire and annually thereafter
• Access Controls: Role-based access controls ensuring employees only access PHI necessary for their job functions
• Business Associate Agreements: BAAs executed with all vendors and service providers who handle PHI
• Incident Response Plan: Comprehensive procedures for identifying, reporting, and responding to security incidents
• Regular Audits: Internal and external audits to assess compliance and identify areas for improvement
• Policies and Procedures: Documented policies covering all aspects of HIPAA compliance

Physical security measures protect PHI from unauthorized access:

• Facility Access Controls: Secure facilities with restricted access, badge systems, and visitor logs
• Workstation Security: Secure workstations with automatic screen locks and physical barriers
• Device Controls: Encryption and secure storage for all devices containing PHI
• Media Controls: Secure handling, storage, and disposal of all media containing PHI
• Data Center Security: State-of-the-art data centers with 24/7 monitoring and physical security

Advanced technical controls protect PHI in electronic form:

• Encryption: End-to-end encryption for data in transit and at rest using industry-standard algorithms
• Access Controls: Unique user identification, multi-factor authentication, and automatic logoff
• Audit Controls: Comprehensive logging and monitoring of all system activity
• Integrity Controls: Mechanisms to ensure PHI is not improperly altered or destroyed
• Transmission Security: Secure communication protocols and encrypted connections
• Backup and Recovery: Regular encrypted backups with tested disaster recovery procedures
• Network Security: Firewalls, intrusion detection, and network segmentation

As a Business Associate under HIPAA, MedSure:

• Executes Business Associate Agreements (BAAs) with all Covered Entity clients
• Maintains BAAs with all subcontractors and vendors who handle PHI
• Ensures all BAAs include required HIPAA provisions and safeguards
• Regularly reviews and updates BAAs to ensure compliance
• Provides BAAs to clients upon request and before service initiation

MedSure maintains comprehensive breach notification procedures:

• Immediate Detection: Systems and processes to quickly identify potential breaches
• Risk Assessment: Prompt evaluation to determine if a breach has occurred
• Notification: Timely notification to affected clients and individuals as required by HIPAA
• Regulatory Reporting: Compliance with HHS breach notification requirements
• Remediation: Immediate action to contain and remediate any security incidents

MedSure supports Covered Entities in fulfilling patient rights under HIPAA:

• Right to access PHI
• Right to request amendments to PHI
• Right to request restrictions on use and disclosure
• Right to request confidential communications
• Right to receive an accounting of disclosures
• Right to file complaints

MedSure maintains ongoing compliance through:

• Regular HIPAA training for all workforce members
• Annual security risk assessments
• Continuous monitoring and auditing of systems and processes
• Regular review and updates of policies and procedures
• Staying current with HIPAA regulations and industry best practices
• Participation in industry compliance programs and certifications

For questions about our HIPAA compliance or to request a Business Associate Agreement, please contact us:

For more information about HIPAA, visit the U.S. Department of Health and Human Services HIPAA website.