Protected Health Information (PHI) Handling

ClaimsGuard.io operates as a Business Associate under HIPAA regulations. We understand that medical claims data contains Protected Health Information (PHI) and treat it with the highest level of security and confidentiality.

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Secure file transfer via SFTP or encrypted upload portals only
  • Access controls and audit logging for all data interactions
  • Regular security assessments and vulnerability testing

Our Security Commitment

Encryption

All client data is protected with AES-256 encryption at rest and TLS 1.3 in transit. Your data is unreadable without proper authorization.

Business Associate Agreement (BAA)

We provide Business Associate Agreements to all clients. This legally binds us to HIPAA compliance and specifies our responsibilities in handling PHI.

Data Sovereignty

Your data never touches third-party clouds. We maintain full control over our infrastructure and data handling processes.

Security Measures

We implement comprehensive technical and organizational safeguards to protect your data:

Access Control

Role-based access control with multi-factor authentication; only authorized personnel can access client data.

Audit Trails

Complete logging of all data access and modifications. Regular audit reviews ensure compliance.

Data Retention

Data retained only as long as necessary for audit completion, then securely deleted per BAA terms.

Incident Response

We maintain documented breach notification procedures and notify clients within 24 hours of any suspected incident.

Employee Training

All team members complete annual HIPAA training and sign confidentiality agreements.

Physical Security

Secure facilities with controlled access. Workstations are encrypted and automatically lock.

Our Responsibilities as a Business Associate

Under HIPAA and our Business Associate Agreement, we commit to:

  • Safeguard PHI: Implement appropriate safeguards to prevent unauthorized use or disclosure of Protected Health Information
  • Report Breaches: Notify you within 24 hours of any security incident involving your PHI
  • Subcontractor Oversight: Ensure any subcontractors who access PHI also comply with HIPAA
  • Access Accounting: Maintain records of who accesses PHI and when
  • Return or Destroy: At termination of services, return or securely destroy all PHI as specified in the BAA
  • HHS Compliance: Make our practices available to the Secretary of HHS for compliance purposes

What is Protected Health Information (PHI)?

PHI is any information in a medical record that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service. This includes:

  • Names, addresses, birth dates, and Social Security numbers
  • Medical record numbers and health plan beneficiary numbers
  • Diagnosis codes and procedure codes
  • Dates of service and provider information
  • Any other unique identifying numbers or characteristics

As your Business Associate, we handle all PHI we receive in accordance with HIPAA regulations and our BAA with you.

Data Breach Notification

In the unlikely event of a data breach involving your PHI, we will:

  • Within 24 hours: Notify you of the breach
  • Within 72 hours: Provide details of the breach, including what data was involved and steps taken
  • Ongoing: Work with you to mitigate harm and comply with notification requirements

We maintain cyber liability insurance and have established relationships with forensic experts to respond quickly to any security incidents.

Questions About Compliance?

We're happy to discuss our security practices and provide our BAA for review.