HIPAA Compliance and ePHI Protection
SureVisit Health, LLC is HIPAA compliant and committed to safeguarding electronic protected health information (ePHI). We implement the HHS Security Rule’s administrative, physical, and technical safeguards, maintain a signed Business Associate Agreement (BAA) with our web‑hosting partner and provide HIPAA‑compliant BAAs to every healthcare client to protect patient, practice, and provider data.
What This Means for Your Practice
- Comprehensive ePHI protection across our platform and integrations.
- Contractual assurances: we maintain a signed BAA with our web hosting provider (HIPPAVault) and with our patient email (MailGun) and SMS (Twilio) providers, and we deliver a BAA to every client.
- Shared responsibility model: we secure the platform through our HIPAA-compliant partners and our office procedures. Clients retain responsibility for local policies, user provisioning, and clinical workflows.
Administrative, Physical, and Technical Safeguards
Administrative Safeguards
- Risk analysis and risk management program with documented remediation.
- Designated Security Officer and ongoing workforce HIPAA training.
- Access governance using role‑based access and least‑privilege principles.
Physical Safeguards
- Secure controls for our computers and for access to the SureVisit Health cloud environment. No client data or client patient data is stored on any local machine.
- Device and media management including secure disposal and encrypted removable media handling.
Technical Safeguards
- Encryption in transit and at rest using industry‑standard protocols and strong cryptography.
- Identity and access controls including multi‑factor authentication (MFA) for administrative access.
- Logging, monitoring, and integrity controls with audit trails and alerting.
- Regular vulnerability scanning and patch management.
Industry-Leading HIPAA-Compliant Hosting with HIPPAVault
SureVisit Health uses HIPPAVault, an industry-leading HIPAA-compliant hosting solution, for web hosting. This ensures that all hosted data is protected with rigorous security controls, including:
- Fully HIPAA-compliant infrastructure designed specifically for healthcare applications.
- End-to-end encryption for data in transit and at rest.
- Continuous monitoring and threat detection to prevent unauthorized access.
- Regular security audits and compliance assessments to maintain certification.
- Automated backups and disaster recovery to ensure data availability and integrity.
By leveraging HIPPAVault, SureVisit Health guarantees secure, reliable, and compliant hosting that meets the highest standards for protecting electronic protected health information (ePHI).
Business Associate Agreements (BAAs)
- Our hosting, email, and SMS partners are Business Associates under HIPAA and operate under signed BAAs that require appropriate safeguards, breach reporting, and cooperation with HHS audits.
- We provide a HIPAA‑compliant BAA to every healthcare client; the BAA includes permitted uses, required safeguards, breach notification timelines, subcontractor flow‑downs, and audit cooperation.
- Vendor oversight: we enforce flow‑down clauses, perform periodic vendor reviews, and require subcontractors that handle ePHI to accept BAAs.
If you have any questions, don’t hesitate to contact us.
- Evidence package available on request: risk assessment summary, encryption and logging architecture, incident response plan, and copies of BAAs.
- Breach notification support: we coordinate timely notifications and remediation to meet HIPAA obligations.
- How to proceed: request our BAA and evidence package or schedule a security briefing to review integration and your practice responsibilities.
Contact
Email: support@surevisithealth.com
Phone: (512) 593-2014, Mon–Fri: 9:00 AM – 5:00 PM CT
Key reminder: SureVisit Health ensures a secure platform, infrastructure, and transmission of data. Covered entities must maintain local administrative and technical controls (user provisioning, workstation security, and minimum‑necessary access) to preserve end‑to‑end HIPAA compliance.
