At EeRevPro, we recognize the sensitive nature of healthcare data and are fully committed to compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Our responsibility is to ensure that all protected health information (PHI) is handled with the highest level of security, confidentiality, and integrity.
1. Our Commitment
We act as a Business Associate (BA) to Covered Entities, such as healthcare providers and facilities.
We enter into Business Associate Agreements (BAAs) with clients to define permitted uses and disclosures of PHI.
We train all staff on HIPAA policies, privacy rules, and breach notification standards.
2. Administrative Safeguards
Employee access to PHI is strictly role-based and limited.
Regular workforce training and confidentiality agreements.
Internal auditing and compliance monitoring.
3. Technical Safeguards
PHI is encrypted in storage and transmission.
Secure access controls including multi-factor authentication.
Audit logs track system access and data usage.
4. Physical Safeguards
Offices and servers are protected by restricted access and surveillance, and printed PHI is securely disposed of.
Remote workers operate under strict VPN and device security policies.
5. Breach Notification
If a data breach occurs involving PHI, EeRevPro will promptly notify affected clients in accordance with HIPAA requirements and assist with corrective actions.
6. Client Responsibilities
While we protect PHI as a Business Associate, healthcare providers (Covered Entities) must also maintain HIPAA compliance on their end. This includes obtaining patient consent and ensuring secure transmission of PHI to EeRevPro.
7. Continuous Compliance
HIPAA regulations evolve. EeRevPro continuously updates policies, technology, and training to maintain compliance and safeguard patient data.