Patient data protection is not optional. Our comprehensive HIPAA compliance program ensures every interaction, every record, and every communication meets the highest standards of healthcare data security.
Comprehensive written policies for PHI access, incident response, workforce training, and sanctions for violations. Annual policy review and updates.
End-to-end encryption for data in transit and at rest. Role-based access controls, automatic session timeouts, and multi-factor authentication for all systems.
Workstation use policies, device encryption, secure disposal of hardware, and environmental controls for any physical systems handling PHI.
Executed BAAs with every client and subcontractor. Clear delineation of responsibilities for PHI protection, breach notification, and liability.
Every team member completes comprehensive HIPAA training upon hiring with annual recertification. Regular phishing simulations and security awareness programs.
Documented incident response plan with 60-minute initial response SLA. Includes containment, assessment, notification, and remediation procedures.
Individuals have the right to access, inspect, and obtain copies of their protected health information maintained by our systems.
Individuals may request amendments to their PHI if they believe information is inaccurate or incomplete.
Individuals may request an accounting of disclosures of their PHI made by our organization for the prior six years.
Individuals may file a complaint with us or with the U.S. Department of Health and Human Services if they believe their privacy rights have been violated.
For HIPAA-related inquiries, contact our Privacy Officer at privacy@sssupport.net or call +1 (657) 777-0006.