Personal data and HIPAA compliance information

Effective Date: 7/1/2021

Purpose

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a United States federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

This document outlines the tools and processes I.V. Enterprises LLC (operators of Xchart.com) has in place have to secure sensitive patient information and comply with HIPAA.

Encryption of data

HIPAA states that data is encrypted both in transit and at rest.

Data should only be accessible by authorized users

This is always the toughest part, but what follows are the systems we have in place to mitigate risks of unauthorized access. They are organized below, grouped by attack vector.

Changes and audit log

To ensure continued diligence on these matters, our policies and code are audited approximately every 6 months.