HIPAA Compliance
HeyMedicaid maintains a HIPAA compliance program to protect your Protected Health Information (PHI). Our security program is designed to meet or exceed federal requirements and undergoes regular third-party audits.
Covered Entity Status: HeyMedicaid operates as a covered entity under HIPAA because it transmits health information electronically in connection with standard (covered) transactions. We are committed to complying with HIPAA's Privacy, Security, and Breach Notification Rules.
Privacy Rule Compliance
We strictly control how PHI is used and disclosed, providing you with Notice of Privacy Practices and obtaining authorization when required.
Security Rule Compliance
We implement comprehensive administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of ePHI.
Breach Notification
In the event of a breach of unsecured PHI, we follow documented incident response procedures and notify affected individuals without unreasonable delay, and no later than 60 calendar days after the breach is discovered, as the Breach Notification Rule requires.
Regular Audits
We conduct annual HIPAA compliance audits and risk assessments, with quarterly reviews of our security controls and policies.
Our technical infrastructure is designed to exceed HIPAA requirements:
Encryption Standards
Access Controls
Audit Logging & Monitoring
Workforce Training
All employees receive comprehensive HIPAA training upon hiring and annual refresher training. Roles with PHI access receive additional specialized training.
Business Associate Agreements
All vendors with potential PHI access sign comprehensive BAAs. Regular reviews ensure compliance with HIPAA requirements.
Risk Management
Annual risk assessments identify and mitigate potential vulnerabilities, and security measures are monitored and improved on an ongoing basis.
Incident Response
24/7 security operations center monitors for potential breaches. Documented incident response plan with defined escalation procedures.
Data Centers
SOC 2 audited facilities with 24/7 security, biometric access controls, and environmental monitoring.
Device Controls
Mobile device management (MDM), encrypted hard drives, and secure disposal procedures for all devices.
Facility Access
Restricted access to areas containing PHI, visitor logs, and escort requirements for all facilities.
As a patient, HIPAA grants you specific rights regarding your health information. HeyMedicaid is committed to honoring these rights and making it easy for you to exercise them.
Right to Access Your PHI
Request and receive copies of your health records within 30 days.
Right to Amend
Request corrections to inaccurate or incomplete information.
Right to Accounting of Disclosures
Receive a list of who we've shared your PHI with and why.
Right to Request Restrictions
Ask us to limit how we use or share your health information.
Right to Confidential Communications
Choose how and where we contact you about your health.
Right to File a Complaint
File a complaint with us or HHS if you believe your rights were violated.
HIPAA Compliant
Compliant with the Privacy, Security, and Breach Notification Rules
SOC 2 Type I
Security controls audit in process
HITRUST Ready
Preparing for certification
ISO 27001
International standard for information security
HIPAA Compliance Officer
Dr. Sarah Johnson, Chief Compliance Officer
HeyMedicaid, Inc.
PO Box 1234
San Francisco, CA 94102
Contact Information
Email: compliance@heymedicaid.com
Phone: 1-800-HIPAA-HM (1-800-447-2246)
Secure Fax: 1-888-555-0123
File a Complaint: hipaa.heymedicaid.com/complaint
To file a complaint with HHS:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/