HIPAA Privacy Policy
Effective Date: July 26, 2024
Contact: privacy@osteomemo.com
1. Purpose of This Policy
This policy explains how OsteoMemo.com collects, uses, stores, and protects Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HITECH Act.
2. Our Role Under HIPAA
- OsteoMemo.com is a Business Associate under HIPAA.
- We provide services to Covered Entities and handle PHI on their behalf.
- We enter into Business Associate Agreements (BAAs) with all Covered Entities using our platform.
3. Types of Information We Handle
- Patient names and contact information
- Medical histories, treatment notes, SOAP notes
- Appointment data
- Diagnostic codes and billing data
- Lab results, prescriptions, and imaging
4. How We Protect PHI
Technical Safeguards
- SSL/TLS encryption
- AES-256 encrypted storage
- HIPAA-compliant cloud hosting
Access Controls
- Role-based permissions
- 2FA available
- Audit logging
Data Integrity
- Daily backups
- Change tracking and tamper alerts
5. Permitted Use & Disclosure of PHI
We only use or disclose PHI as authorized by the Covered Entity, for healthcare operations, or as required by law.
6. User Responsibilities
Covered Entities are responsible for managing user access and training staff on HIPAA compliance.
7. Breach Notification
In case of a data breach, we notify affected Covered Entities within 48 hours and cooperate fully with remediation.
8. Your Rights and Choices
Covered Entities and patients may request access to, correction of, or an audit of their PHI at any time.
9. Changes to This Policy