HIPAA Policy

Our commitment to protecting patient health information under HIPAA.

CipherHealth is committed to protecting the privacy of our clients’ patients’ personal health information. Part of that commitment is complying with the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which requires us to take additional measures to protect personal information and to inform our clients about those measures.

Our Commitment

As a Business Associate under HIPAA, CipherHealth maintains administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of Protected Health Information (PHI) entrusted to us by our covered-entity clients. These safeguards include:

  • Encryption of PHI in transit and at rest using industry-standard protocols
  • Role-based access controls limiting PHI access to authorized personnel
  • Regular risk assessments and security audits to identify and address vulnerabilities
  • Workforce training on HIPAA requirements and data handling procedures
  • Incident response and breach notification procedures in compliance with HIPAA requirements

Business Associate Agreements

CipherHealth enters into Business Associate Agreements (BAAs) with all covered-entity clients, ensuring that PHI is handled in accordance with HIPAA regulations and that both parties understand their responsibilities for safeguarding patient data.

Patient Rights

CipherHealth supports the rights of patients as outlined in the HIPAA Privacy Rule, including the right to access, amend, and receive an accounting of disclosures of their health information. We work with our clients to facilitate these rights when applicable.

Contact Us

If you would like more detailed information about our HIPAA compliance practices, please contact us at [email protected].