HIPAA Covered Entity
We are legally required to protect your health information under federal law. Our platform handles healthcare referrals and connects patients with healthcare providers, making us a covered entity with full HIPAA obligations.
Our Commitment to HIPAA Compliance
Plain English Summary
HIPAA is a federal law that protects your medical information. As a platform that handles healthcare referrals, we must follow strict rules about how we collect, store, and share health information. This means your medical details are encrypted, access is strictly controlled, and you have specific rights about your health data.
Why HIPAA Compliance Matters
For healthcare professionals and patients using Heritage Web:
- Trust: Your health information is protected by federal law and our rigorous security measures
- Confidentiality: Medical referrals and healthcare communications remain private and secure
- Integrity: Health information is protected from unauthorized changes or tampering
- Availability: Authorized healthcare providers can access referral information when needed
What HIPAA Compliance Means for You
Plain English Summary
For patients: Your health information is encrypted, only authorized people can see it, and you have rights to access and correct your information. For healthcare providers: Our platform meets all HIPAA requirements, we have proper agreements in place, and we help you meet your HIPAA obligations.
For Patients and Individuals
When you submit a referral request or communicate with healthcare providers through Heritage Web:
- Your health information is encrypted and protected
- Access to your information is strictly controlled and monitored
- You have specific rights regarding your health information
- Any unauthorized disclosure would be reported according to federal requirements
For Healthcare Professionals
Healthcare providers using Heritage Web can be confident that:
- Our platform meets HIPAA security standards
- Business Associate Agreements (BAAs) are in place where required
- Referral information is transmitted securely
- Audit trails track all access to protected information
- Your professional obligations under HIPAA are supported
Our HIPAA Compliance Framework
Plain English Summary
HIPAA requires three types of safeguards: Administrative (policies and training), Physical (securing buildings and devices), and Technical (encryption and access controls). We implement all three types to keep your health information safe from every angle.
Administrative Safeguards
Heritage Web implements comprehensive administrative controls:
- Security Management: A designated HIPAA Security Officer oversees compliance
- Workforce Training: Regular HIPAA training for all personnel handling health information
- Access Management: Role-based access controls that apply the HIPAA minimum necessary standard
- Business Associate Management: Formal agreements with all third parties handling protected health information (PHI)
- Risk Management: Annual security risk assessments and continuous monitoring
Physical Safeguards
We protect the physical security of systems containing health information:
- Facility Access Controls: Restricted access to data centers and facilities
- Workstation Security: Secured workstations and mobile devices
- Device Controls: Encrypted devices and secure disposal procedures
- Environmental Protection: Protected data centers with redundant safeguards
Technical Safeguards
Our technical security measures include:
- Access Controls: Unique user identification and automatic logoff
- Encryption: Industry-standard encryption for data at rest and in transit
- Audit Controls: Comprehensive logging and monitoring of PHI access
- Integrity Controls: Mechanisms to ensure health information is not improperly altered
- Transmission Security: Secure channels for all PHI communications
Privacy Practices
Plain English Summary
You have specific rights under HIPAA, including the right to see your health information, request corrections, know who we've shared it with, and file complaints. We have a detailed Notice of Privacy Practices that explains everything, and you can contact us anytime to exercise these rights.
Your HIPAA Rights
Federal law gives you important rights regarding your health information. You can exercise these rights at any time by contacting our Privacy Officer.
Your Rights Under HIPAA
As an individual whose health information we maintain, you have the right to:
- Access: Request to see and get copies of your health information
- Amendment: Request corrections to your health information
- Accounting: Receive a list of certain disclosures of your information
- Restriction: Request limits on uses and disclosures
- Confidential Communications: Request communications by alternative means
- Complaint: File a complaint if you believe your rights have been violated
To exercise any of these rights, please contact our Privacy Officer at [email protected].
Compliance Verification
Plain English Summary
We don't just say we're HIPAA compliant - we prove it. Every year, we conduct thorough security assessments, update our policies, train our staff, and document everything. Healthcare organizations can request our compliance documentation for their own audits.
Annual Compliance Review
Our most recent comprehensive HIPAA compliance review was completed on May 15, 2025. We maintain all required documentation for regulatory compliance.
Annual Assessments and Reviews
Heritage Web conducts comprehensive annual reviews of our HIPAA compliance program, including:
- Security risk assessments
- Policy and procedure updates
- Technical safeguard evaluations
- Workforce training effectiveness
- Business associate compliance
Documentation and Accountability
We maintain comprehensive documentation of our HIPAA compliance efforts:
- Written policies and procedures
- Risk assessments and remediation plans
- Training records and certifications
- Audit logs and access records
- Incident response documentation
All documentation is retained in accordance with regulatory requirements to demonstrate our ongoing compliance.
Breach Notification
Plain English Summary
If there's ever a breach of health information (which we work hard to prevent), we're legally required to notify affected individuals within 60 days. We'll tell you exactly what happened, what information was involved, and what steps you should take to protect yourself.
60-Day Notification Requirement: In the unlikely event of a breach, affected individuals will be notified within 60 days as required by federal law, with full details and protective recommendations.
Breach Response Protocol
In the unlikely event of a breach affecting protected health information:
- Affected individuals will be notified within 60 days of discovery
- Notifications will include specific information about the breach and protective steps
- Reports will be filed with the Department of Health and Human Services as required
- Media notifications will be made when applicable
- All breaches are thoroughly investigated and documented
Our incident response team is trained to handle potential breaches swiftly and in full compliance with HIPAA requirements.
Working with Business Associates
Plain English Summary
Any company that helps us handle health information must sign a Business Associate Agreement (BAA). This legal contract ensures they follow the same strict HIPAA rules we do. We regularly check that our partners are maintaining proper security.
Business Associate Management
Heritage Web carefully manages relationships with third-party service providers:
- All vendors handling PHI sign Business Associate Agreements
- Security practices of business associates are regularly reviewed
- Compliance obligations flow down to subcontractors
- Immediate action is taken on any identified compliance issues
This ensures that your health information remains protected even when processed by our trusted partners.
For Healthcare Organizations
Plain English Summary
Healthcare organizations working with us can request our compliance documentation for their audits. We provide BAA templates, security assessments, and compliance summaries. Contact our security team for detailed documentation.
Compliance Documentation
Healthcare organizations requiring detailed HIPAA compliance documentation for vendor management or audit purposes may request:
- Summary of our HIPAA compliance program
- Copies of relevant certifications
- Security assessment summaries
- Business Associate Agreement templates
To request compliance documentation, please contact: [email protected]
Business Associate Agreements
We promptly execute Business Associate Agreements with covered entities. Our standard BAA includes:
- Permitted uses and disclosures
- Safeguard requirements
- Breach notification obligations
- Compliance with HIPAA requirements
- Return or destruction of PHI provisions
Questions and Contact Information
Need Help with HIPAA?
Whether you have questions about our compliance, need to exercise your rights, or want to file a complaint, we're here to help. You can also file complaints directly with the federal government if you prefer.
HIPAA Compliance: [email protected]
Privacy Rights: [email protected]
File a Federal Complaint
You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights:
Washington, D.C. 20201
Or visit: www.hhs.gov/ocr/privacy/hipaa/complaints/
Ongoing Compliance Commitment
Our Continuous Improvement
Heritage Web's HIPAA compliance is not a one-time achievement but an ongoing commitment that includes:
- Regular updates to policies and procedures
- Continuous workforce education
- Proactive security enhancements
- Engagement with the healthcare community
- Transparency in our compliance efforts
This HIPAA Compliance statement reflects Heritage Web's commitment to protecting health information across all our publications and services. We take our responsibilities as a covered entity seriously and continuously work to maintain the highest standards of HIPAA compliance. For healthcare professionals and organizations requiring detailed compliance documentation, please contact our security team directly.
HIPAA-Compliant Healthcare Connections
Connect with healthcare professionals through our secure, HIPAA-compliant platform.