Our Commitment to HIPAA

DMEAid is fully committed to protecting the privacy and security of Protected Health Information (PHI). We have implemented comprehensive administrative, physical, and technical safeguards to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA).

Business Associate Agreement Required: Before transmitting any PHI through DMEAid, healthcare providers must execute a Business Associate Agreement (BAA).

Administrative Safeguards

  • Designated HIPAA Privacy and Security Officers
  • Comprehensive workforce training program
  • Written policies and procedures for PHI handling
  • Regular risk assessments and security audits
  • Incident response and breach notification procedures
  • Business Associate management program

Physical Safeguards

  • SOC 2 Type II certified data centers (Google Cloud Platform)
  • Physical access controls and monitoring
  • Environmental controls (fire suppression, climate control)
  • Secure workstation policies for remote workforce

Technical Safeguards

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication (MFA) required
  • Role-based access controls (RBAC)
  • Automatic session timeouts
  • SHA-256 hash-chain audit logging
  • Real-time intrusion detection and monitoring

Audit Trail (Patent-Pending Technology)

Our patent-pending cryptographic audit trail ensures complete accountability:

  • Every access, modification, and transmission of PHI is logged
  • SHA-256 hash-chain links each audit entry cryptographically
  • Immutable, append-only log structure prevents tampering
  • Minimum 6-year retention per HIPAA requirements
  • Automated integrity verification

Data Retention

In compliance with HIPAA regulations, we retain PHI and related documentation for a minimum of 6 years from the date of creation or last effective date, whichever is later. Our retention policies include:

  • Secure storage with continuous encryption
  • Regular backup and disaster recovery testing
  • Secure disposal procedures when retention periods expire

Breach Notification

In the unlikely event of a data breach involving PHI, DMEAid will:

  • Notify affected Covered Entities within 24 hours of discovery
  • Provide detailed breach assessment and investigation
  • Assist with required notifications to HHS and affected individuals
  • Implement corrective actions to prevent recurrence

Contact Our HIPAA Team

For questions about our HIPAA compliance program or to report a potential security concern:

HIPAA Privacy Officer
Email: hipaa@dmeaid.com

Security Concerns
Email: security@dmeaid.com