HIPAA Compliance
We follow HIPAA (Health Insurance Portability and Accountability Act) requirements to protect patient health information:
- We only access the minimum information needed to process claims
- All data is transmitted using encrypted HTTPS connections
- We maintain proper access controls and permissions
- Patient data is kept confidential and not shared without authorization
What We Do
Secure Connections
Our website uses HTTPS encryption (SSL/TLS) to protect data in transit. This is the same technology used by banks and online retailers - you'll see the padlock icon in your browser.
Access Control
We limit who can access sensitive information. Only authorized staff with a legitimate need can view patient or billing data.
Secure Storage
Patient data is stored securely and backed up regularly. We work with established, reputable hosting providers that follow industry security standards.
Business Associate Agreement (BAA)
If you're a covered entity under HIPAA, we'll sign a Business Associate Agreement with you. This legally binds us to protect PHI (Protected Health Information) according to HIPAA rules.
What We're Honest About
We're a small business. We don't have enterprise-grade security operations centers or dedicated security teams. We rely on standard industry practices and established platforms.
We use third-party services. For payments, we use PayPal. For hosting, we use standard web hosting providers. These companies have their own security measures in place.
We're not perfect. No system is 100% secure. We do our best to follow security best practices, but we can't guarantee zero risk.
Your Responsibilities
- Keep your login credentials secure and don't share passwords
- Log out when using shared computers
- Report any suspicious activity or potential security issues
- Review your access logs periodically if available
Questions or Concerns?
If you have questions about our security practices or need to report a security issue, please contact us:
Email: [email protected]
Phone: 951-461-6610