HIPAA Compliance Statement

1. Administrative Safeguards

• Designated Privacy & Security Officer
• Annual HIPAA training for all workforce members
• Written policies governing PHI use and disclosure
• Formal risk assessments at least once per year

2. Physical Safeguards

• Locked file cabinets and restricted clinical areas
• Screen-privacy filters on laptops used for mobile visits
• Secure paper-record disposal via HIPAA-compliant shredding

3. Technical Safeguards

• AES-256 encryption of electronic PHI at rest
• HTTPS/TLS 1.2+ encryption in transit
• Unique user IDs, role-based permissions, multi-factor authentication
• Intrusion detection and audit logging

4. Minimum Necessary Standard

Staff access only the PHI reasonably necessary to perform their job duties.

5. Business Associate Agreements (BAAs)

BAAs are executed with all vendors that create, receive, maintain, or transmit PHI on our behalf (e.g., EHR, cloud backup).

6. Breach Notification Protocol

Unsecured-PHI breaches are reported to affected individuals, the U.S. Department of Health & Human Services, and, when > 500 Arizona residents are involved, the media—per 45 C.F.R. §§ 164.400-414.

7. Your HIPAA Rights

• Inspect and obtain a copy of your medical record
• Request amendments to incomplete or inaccurate information
• Receive an accounting of certain disclosures
• Request confidential communications or additional restrictions on PHI use/disclosure
• File a privacy complaint without fear of retaliation

8. Contact

Questions about HIPAA compliance or your rights? Call (480) 678-5575 or use our secure Contact form.