
Security and Compliance

Our Security Commitments
HIPAA Compliance
We maintain full compliance with the Health Insurance Portability and Accountability Act (HIPAA), including the Privacy, Security, and Breach Notification Rules.
Data Encryption
All data is encrypted both in transit and at rest using industry-standard protocols (TLS 1.2+, AES-256).
Secure Access Controls
Access to systems and PHI is strictly role-based and protected by multi-factor authentication (MFA), strong password policies, and activity logging.
Cloud Infrastructure Security
We utilize reputable cloud service providers with SOC 2 Type II and ISO 27001 certifications, ensuring secure and resilient hosting environments.
Regular Risk Assessments
Our security posture is evaluated regularly through risk assessments, internal audits, and third-party penetration testing.
Incident Response Preparedness
We maintain a documented and tested Incident Response Plan, enabling rapid response and notification in the event of any security incident.
Employee Training
All staff undergo annual security and HIPAA compliance training, with quarterly refreshers on evolving threats and responsibilities.
Business Associate Agreements (BAAs)
We execute BAAs with all subcontractors and vendors who access PHI, holding them to the same standards of confidentiality and protection.
Your Role in Shared Security
As our client or partner, you play an essential role in maintaining a secure environment:
Use secure, approved communication channels for PHI exchange.
Notify us promptly of any suspected breaches or access issues.
Provide accurate contact information to ensure fast response in emergencies.
Participate in data accuracy reviews and validation processes as needed.
Questions or Concerns?
If you have any questions about our security program or need to report a concern, please contact us at:
it@rescuemedfinancial.com
(469) 333-7011