hippa & compliance

Administrative Safeguards 

We maintain structured policies and procedures that ensure all PHI is accessed and handled only when appropriate.
Our administrative safeguards include:

• Required HIPAA compliance training for all staff
• Role-based access controls
• Secure onboarding and offboarding procedures
• Non-disclosure and confidentiality agreements
• Workflow audits and documentation monitoring
• Designated HIPAA Compliance Lead

We ensure physical protection for any system, document, or device that may store or access PHI.
This includes:

• Secured workstations
• Controlled access to physical records
• Confidential document disposal and shredding
• Clean desk standards
• Remote work safeguards (Idaho-specific, see below)

We use secure, encrypted systems to protect PHI.
This includes:

• Encrypted email and data storage
• Multi-factor authentication
• Secure clearinghouse and EHR access
• Password management protocols
• VPN or secure network requirements for remote access
• Audit logs and access tracking

 Idaho does not have a separate “HIPAA-equivalent” privacy law, but it does require healthcare entities and business associates operating in the state to follow:

We comply with Idaho’s strict requirements for:

• Protecting sensitive personal information
• Reporting breaches promptly if they occur
• Notifying affected parties in a reasonable timeframe

While primarily for providers, these rules influence how PHI must be documented and handled.
We support compliance by ensuring:

• Accurate claims reflect proper documentation
• No unauthorized use or disclosure of patient information
• Correct storage and transmission of records

Since our company is Idaho-based with remote team members, we adhere to:

• Secure home workstation expectations
• Private workspace requirements to prevent incidental PHI exposure
• Idaho employer cybersecurity best practices
• Restricted use of personal devices for PHI access
• Encrypted communications at all times

We provide a BAA to every client to clearly outline:

• Our responsibilities as a Business Associate
• Safeguards we use to protect PHI
• Permitted uses and disclosures of PHI
• Breach response obligations
• Security standards for all electronic interactions

To ensure compliance, we use secure, encrypted methods for all communication involving PHI.
This includes:

• HIPAA-compliant email platforms
• Encrypted file transfer
• Secure portals or clearinghouse systems
• No texting or messaging PHI through unsecured apps

We routinely perform internal audits to ensure accuracy and compliance.
This includes:

• Claim accuracy checks
• Documentation review
• Access log monitoring
• Credentialing document verification
• Ongoing policy review

Every team member completes:

• HIPAA training on onboarding
• Annual refresher training
• Compliance and privacy modules
• Internal systems and security training

All staff also follow Idaho-specific data protection and breach notification expectations.