Copyright © 2023 MeddiPop. All Rights Reserved.
Effective date: April 10, 2022
At MeddiPop (“MeddiPop”, “we”, “us”, “our”), we take all necessary measures to comply with the most stringent privacy and security regulations. In addition, to the Delaware Online Privacy and Protection Act (“DOPPA”) and the EU`s General Data Protection Regulation (“GDPR”) compliance, we work hard meet or exceed industry standards with respect to the U.S. Health Insurance Portability and Accountability Act (“HIPAA”) of 1996.
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) establishes two important rules for in connection with the use of protected health information: the security provision and the privacy provision, which are established under a general HIPAA category called the Administrative Simplification Act. Both provisions affect the transmission, storage, and management of protected health information.
In the security provision: the HIPAA security provision became effective on April 21, 2003. Its purpose is to protect confidential medical information. The security provision establishes guidelines to facilitate the storage, maintenance, and transmission of protected health information in a “secure electronic environment”. This includes administrative procedures and physical safeguards, as well as technical measures to control and monitor access to protected health information and prevent unauthorized access to data during transmission.
Privacy Rule: HIPAA’s privacy rule addresses the use and disclosure of protected health information and became effective April 14, 2001. The Privacy Rule requires to make reasonable efforts to limit the use and disclosure of such protected health information by staff to the “minimum necessary” to perform their services. Service Providers are further expected to limit the likelihood of “inadvertent disclosure” to individuals for whom there is no reasonable need to know as a matter of law. In addition, service providers must maintain a log of disclosures of certain protected health information that is not directly related to the patient’s care.
To implement these requirements for business associates and to protect the confidentiality and integrity of protected health information received, the HIPAA Policy sets forth the following:
In addition to complying with HIPAA security recommendations, MeddiPop adheres to the FTC’s Security by Design Guidelines:
MeddiPop servers and supporting systems are protected from hackers and network intrusion by firewalls and other leading security measures.
Controlled Employee Access
Certain MeddiPop staff and system administrators may need to access the MeddiPop platform to provide operational / administrative support. Access rights are strictly controlled, and access is granted only to those who need it to support the MeddiPop platform and its users. All MeddiPop employees and subcontractors are required to sign confidentiality agreements. Access to the system is granted only after validation of the user’s identification data, assigned role and system permissions.
Encryption provides users with a secure way to exchange information. This makes it unusable for anyone who does not have a protected decryption key to (decrypt) the information. MeddiPop provides encryption for user interactions through Secure Socket Layer (SSL) technology with a robust 256-bit encryption key. MeddiPop also uses industry-proven encryption standards, TLS) when health information is transmitted into or out of MeddiPop.
The MeddiPop server and supporting systems are physically secured and protected in world-class data centers. Access to the physical systems is carefully controlled through security measures at multiple levels. of authentication requirements (e.g., user keys, biometrics), security guard and registration check-in requirements, and state-of-the-art security monitoring and alert systems.
Access tracking and disclosure
In accordance with HIPAA standards, MeddiPop logs relevant details each time health information is viewed, edited, or exported to ensure system integrity.
Your HIPAA Rights
When it comes to your health information, you have additional rights. To exercise any of these rights, contact us at the contact information listed above.
We encourage you to contact us if you have any information requests, requests for information or objections about data processing or concerns. However, you also have the right to file a complaint with your local supervisory authority. However, we would appreciate it if you would contact us with your concern before turning to a supervisory authority.
Updating your information
If you believe that the information, we hold about you is inaccurate or request its rectification, deletion, or object to its processing, please do so by contacting us.
Withdrawing your consent
You can withdraw consents you have given at any time by contacting us.
In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any PII or to make a correction requested by you, we will tell you why.
Validity and questions
This HIPAA Statement was last updated on Wednesday, April 12, 2023, and is the current and valid version. However, we want to point out that from time to time due to actual or legal changes a revision to this statement may be necessary. If you have any data protection questions, please feel free to contact us.
Stop losing patients to the competition. Get a steady stream of patient leads who are ready to book, with MeddiPop’s advanced patient-matching AI.