
HIPAA

HIPAA Compliance Policy

Effective Date: 01/01/2025

MedVIP ("we," "our," or "us") is committed to protecting the privacy and security of individuals’ protected health information (PHI) as required by the Health Insurance Portability and Accountability Act (HIPAA). This HIPAA Compliance Policy outlines how we ensure that our website, services, and operations comply with HIPAA regulations.

1. Overview of HIPAA Requirements

Under HIPAA, we are required to:

  • Ensure the confidentiality, integrity, and availability of PHI.

  • Protect against any reasonably anticipated threats or hazards to the security of PHI.

  • Protect against unauthorized uses or disclosures of PHI.

  • Ensure workforce compliance with HIPAA regulations.

2. Collection and Use of PHI

We collect and use PHI solely for purposes authorized by patients or healthcare providers, such as:

  • Processing medical forms and requests (e.g., DOH 4359, M11Q, MD Order 485).

  • Facilitating telehealth services, including video and audio consultations.

  • Providing remote patient monitoring (RPM) and chronic care management (CCM).

  • Complying with legal or regulatory obligations.

3. Safeguards to Protect PHI

To ensure the security and confidentiality of PHI, we implement the following safeguards:

a. Administrative Safeguards:

  • Conduct regular risk assessments to identify potential vulnerabilities.

  • Establish and enforce policies and procedures for handling PHI.

  • Train employees on HIPAA requirements and best practices.

b. Technical Safeguards:

  • Encrypt PHI both in transit and at rest.

  • Use secure access controls, including multi-factor authentication and role-based permissions.

  • Maintain audit logs to monitor access and changes to PHI.

c. Physical Safeguards:

  • Restrict access to facilities where PHI is stored.

  • Use secure servers and data centers to store digital PHI.

  • Implement secure disposal procedures for paper records containing PHI.

4. Business Associate Agreements (BAAs)

We enter into Business Associate Agreements with all third-party vendors who handle PHI on our behalf. These agreements ensure that vendors comply with HIPAA requirements and safeguard PHI.

5. Patient Rights

We recognize and uphold the rights of patients to:

  • Access their PHI.

  • Request corrections to inaccurate or incomplete PHI.

  • Receive an accounting of disclosures of their PHI.

  • File complaints if they believe their privacy rights have been violated.

Patients may exercise these rights by contacting us at:

6. Breach Notification Procedures

In the event of a breach involving PHI:

  • We will notify affected individuals without unreasonable delay and no later than 60 days after discovering the breach.

  • Notifications will include details of the breach, steps taken to mitigate harm, and recommended actions for individuals to protect themselves.

  • We will report breaches affecting more than 500 individuals to the Department of Health and Human Services (HHS).

7. HIPAA Compliance Monitoring and Updates

We conduct periodic audits to ensure compliance with HIPAA requirements and update our policies and practices as needed. Changes to this policy will be posted on our website with the updated "Effective Date."

8. Contact Information

For questions about this policy or to report a privacy concern, please contact:

Commitment to HIPAA Compliance

MedVIP is dedicated to protecting the privacy and security of PHI and upholding the trust of our patients, partners, and stakeholders. Our compliance efforts reflect our commitment to maintaining the highest standards of confidentiality and integrity in healthcare services.
