HIPAA Compliance
MedPrecision operates as a HIPAA-compliant Business Associate. We take the protection of Protected Health Information (PHI) seriously and implement comprehensive safeguards across our operations.
Our HIPAA Commitments
Business Associate Agreements
We execute BAAs with every client before accessing any PHI. These agreements define the scope of PHI access, permissible uses, and breach notification procedures.
Administrative Safeguards
All team members complete HIPAA training upon onboarding and annually thereafter. We maintain a designated Privacy Officer and Security Officer responsible for compliance oversight.
Technical Safeguards
PHI is encrypted in transit and at rest. Our systems use role-based access controls, multi-factor authentication, and audit logging for all PHI access.
Physical Safeguards
Access to systems containing PHI is restricted to authorized personnel. Remote workstations follow security policies including screen locks, encrypted storage, and secure network connections.
Breach Notification
In the event of a breach of unsecured PHI, we follow the notification requirements outlined in the HITECH Act, including notification to affected individuals, the covered entity, and HHS as required.
Minimum Necessary Standard
We access only the minimum amount of PHI necessary to perform billing, coding, and revenue cycle functions on behalf of our clients. Access privileges are assigned based on job function and reviewed regularly.
Ongoing Compliance
We conduct regular risk assessments, internal audits, and policy reviews to maintain compliance with evolving HIPAA regulations. Our compliance program is designed to identify and address vulnerabilities before they become risks.
Questions
For questions about our HIPAA compliance practices, contact our Privacy Officer at privacy@medprecisionbilling.com or call 1-800-MED-PREC.