Protecting Patient Health Information Since 2023

HIPAA Compliance

NeoMedica is committed to maintaining the highest standards of privacy and security for protected health information.

Our Commitment to HIPAA Compliance

NeoMedica understands the critical importance of protecting patient health information. As a healthcare staffing organization working with sensitive medical data, we maintain strict compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations. Our commitment extends beyond mere compliance: we strive to be a trusted steward of the healthcare information entrusted to us.

Understanding HIPAA

The Health Insurance Portability and Accountability Act establishes national standards for protecting sensitive patient health information. HIPAA requires appropriate safeguards to protect the privacy of protected health information (PHI) and sets limits on the use and disclosure of such information.

Privacy Rule

The HIPAA Privacy Rule establishes national standards for the protection of individuals' medical records and other personal health information. It requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made without patient authorization.

Security Rule

The HIPAA Security Rule establishes national standards to protect individuals' electronic personal health information (ePHI). It requires appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI.

Breach Notification Rule

The Breach Notification Rule requires covered entities and business associates to provide notification following a breach of unsecured protected health information. This ensures affected individuals, the HHS Secretary, and in some cases the media, are notified promptly.

NeoMedica as a HIPAA Business Associate

As a Business Associate under HIPAA, NeoMedica enters into Business Associate Agreements (BAAs) with covered entities and assumes specific responsibilities for protecting PHI:

  • Use or disclose PHI only as permitted or required by the BAA or by law
  • Implement appropriate safeguards to prevent unauthorized use or disclosure
  • Report any unauthorized use or disclosure to the covered entity
  • Ensure that subcontractors agree to the same restrictions and conditions
  • Make PHI available for individual access rights
  • Return or destroy all PHI upon contract termination

Our Security Measures

NeoMedica implements comprehensive security measures across administrative, physical, and technical domains to protect health information.

Administrative Safeguards

Policies and procedures designed to clearly show how the entity will comply with HIPAA.

  • Security management processes
  • Assigned security responsibility
  • Workforce security policies
  • Information access management
  • Security awareness training
  • Security incident procedures
  • Contingency planning
  • Regular evaluations

Physical Safeguards

Physical measures, policies, and procedures to protect electronic information systems.

  • Facility access controls
  • Workstation use policies
  • Workstation security
  • Device and media controls
  • Physical access monitoring
  • Secure disposal procedures

Technical Safeguards

Technology and policies for protecting and controlling access to ePHI.

  • Access control mechanisms
  • Audit controls and logging
  • Integrity controls for ePHI
  • Person or entity authentication
  • Transmission security

Key Security Implementations

Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption standards.

Access Controls

Role-based access control (RBAC) ensures employees only access information necessary for their job functions.

Authentication

Multi-factor authentication (MFA) is required for all access to systems containing PHI.

Audit Logging

Comprehensive audit trails track all access to and modifications of protected health information.

Regular Security Assessments

We conduct regular vulnerability assessments and penetration testing to identify and address security gaps.

Incident Response

Documented incident response procedures ensure swift action in the event of any security incident.

Secure Data Centers

Our infrastructure is hosted in SOC 2 Type II certified data centers with 24/7 monitoring.

Regular Backups

Automated, encrypted backups ensure data availability and support our disaster recovery capabilities.

Workforce Training & Awareness

All NeoMedica employees receive comprehensive HIPAA training to ensure they understand their responsibilities in protecting health information:

  • Initial HIPAA training upon hire for all employees
  • Annual refresher training and competency assessments
  • Role-specific training for those handling PHI directly
  • Security awareness training including phishing prevention
  • Documentation of all training activities
  • Regular updates on emerging threats and best practices

For Healthcare Professionals

Healthcare professionals placed through NeoMedica receive specialized training covering:

  • Understanding the minimum necessary standard
  • Proper handling and disposal of PHI
  • Recognizing and reporting potential security incidents
  • Patient rights and how to support them
  • Using secure communication channels
  • Mobile device security best practices

Individual Rights Under HIPAA

Under HIPAA, individuals have specific rights regarding their health information. NeoMedica supports the exercise of these rights:

Right to Access

You have the right to inspect and obtain a copy of your health information that we maintain.

Right to Amend

You may request amendments to your health information if you believe it is incorrect or incomplete.

Right to Accounting of Disclosures

You can request a list of certain disclosures we have made of your health information.

Right to Request Restrictions

You may request restrictions on how we use or disclose your health information.

Right to Confidential Communications

You can request that we communicate with you about health matters in a specific way or location.

Right to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or with HHS.

Breach Notification

In the unlikely event of a breach involving protected health information, NeoMedica has established procedures to respond swiftly and appropriately:

  • Identify and contain the breach promptly
  • Investigate the nature and extent of PHI involved
  • Notify affected individuals, covered entities, and HHS as required by law
  • Implement measures to prevent future occurrences

To report a suspected breach, contact:
Email: info@neomedicapr.com
Phone: 1 (787) 945-7120

Business Associate Agreements

NeoMedica enters into Business Associate Agreements (BAAs) with all healthcare provider partners as required by HIPAA. These agreements establish:

  • Permitted uses and disclosures of PHI
  • Obligations to safeguard PHI
  • Breach notification requirements
  • Subcontractor requirements
  • Return or destruction of PHI upon termination
  • Compliance with HIPAA Security Rule
  • Access to PHI for audits and investigations

Continuous Improvement

NeoMedica is committed to continuously improving our HIPAA compliance program through:

  • Annual risk assessments to identify vulnerabilities
  • Regular policy and procedure reviews and updates
  • Monitoring of regulatory changes and guidance
  • Implementation of industry best practices
  • Internal audits and compliance reviews
  • Third-party security assessments
  • Continuous monitoring of security controls

Privacy & Compliance Contact Information

If you have questions about our HIPAA compliance practices or wish to exercise your rights, please contact:

Privacy Officer

Email: info@neomedicapr.com

Phone: 1 (787) 945-7120

Compliance Officer

Email: info@neomedicapr.com

Phone: 1 (787) 945-7120

Mailing Address

NeoMedica
San Juan, Puerto Rico