HIPAA Compliance & Data Security

MEDOMENT CARE is committed to maintaining the highest standards of data security and HIPAA compliance to protect patient health information.

Last Updated: January 16, 2025

Our Commitment to HIPAA Compliance

MEDOMENT CARE is a technology platform for healthcare providers. Not for medical emergencies or urgent care. We take data security seriously and implement comprehensive measures to protect patient health information (PHI).

Important Notice:

MEDOMENT CARE is a technology platform providing healthcare providers with tools to deliver virtual care. Not for medical emergencies or urgent care. Contact your provider directly for medical questions.

Business Associate Agreement (BAA)

We execute Business Associate Agreements (BAAs) with all healthcare providers and covered entities we serve, ensuring HIPAA compliance throughout our service delivery.

BAA Coverage Includes:

  • Safeguarding of Protected Health Information (PHI)
  • Use and disclosure limitations
  • Security incident reporting procedures
  • Subcontractor management requirements
  • Breach notification obligations
  • Access and amendment rights

HIPAA Security Safeguards

Technical Safeguards

  • End-to-end encryption (AES-256)
  • TLS 1.3 for data in transit
  • Multi-factor authentication (MFA)
  • Role-based access controls
  • Automatic session timeouts

Physical Safeguards

  • SOC 2 Type II certified data centers
  • 24/7 physical security monitoring
  • Biometric access controls
  • Redundant power and cooling
  • Secure disposal procedures

Administrative Safeguards

  • Regular HIPAA training programs
  • Risk assessment and management
  • Incident response procedures
  • Workforce security policies
  • Business associate management

Data Protection Measures

Encryption Standards

All PHI is encrypted both at rest and in transit using industry-leading encryption standards:

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • End-to-end encryption for video consultations

Access Controls

We implement strict access controls to ensure only authorized personnel can access PHI:

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) required
  • Automatic session timeouts
  • Principle of least privilege

Audit Controls

Comprehensive logging and monitoring to track all access to PHI:

  • Detailed audit logs of all PHI access
  • Real-time security monitoring
  • Automated anomaly detection
  • Regular audit log reviews

Infrastructure & System Security

Data Center Security

Our infrastructure is hosted in SOC 2 Type II certified data centers with enterprise-grade security:

  • 24/7 physical security and surveillance
  • Biometric access controls and visitor logs
  • Redundant power, cooling, and network systems
  • Fire suppression and environmental monitoring
  • Regular penetration testing and vulnerability assessments

System Integrity & Availability

  • 99.9% uptime SLA with redundant systems
  • Real-time system monitoring and alerting
  • Automated failover and disaster recovery
  • Regular security patches and updates
  • Network segmentation and firewalls

Backup & Disaster Recovery

  • Automated daily backups with encryption
  • Geographically distributed backup locations
  • Regular disaster recovery testing
  • Recovery Time Objective (RTO) of 4 hours
  • Recovery Point Objective (RPO) of 1 hour

Breach Notification Procedures

In the unlikely event of a data breach involving PHI, we follow strict HIPAA breach notification requirements:

Immediate Response (0-24 hours)

  1. Incident detection and containment
  2. Internal incident response team activation
  3. Preliminary impact assessment

Investigation (24-60 hours)

  1. Forensic analysis of the breach
  2. Determination of affected individuals
  3. Notification to covered entities (within 60 days)

Remediation & Prevention

  1. Root cause analysis
  2. Implementation of corrective measures
  3. Updated security controls and training

Supporting Patient Rights

MEDOMENT CARE provides tools to help healthcare providers honor patient rights under HIPAA:

Right to Access

Patients can request copies of their health records through their healthcare provider.

Right to Amendment

Patients can request corrections to their health information if they believe it's incorrect.

Right to Accounting

Patients can request a list of certain disclosures of their PHI.

Right to Restriction

Patients can request restrictions on certain uses and disclosures of their PHI.

Note: Patient rights requests should be directed to your healthcare provider. MEDOMENT CARE assists providers in fulfilling these rights through our platform's functionality.

Contact Us

For questions about our HIPAA compliance measures or to report a security concern:

Technical Support:

Email: support@medoment.com

Security Concerns:

Email: security@medoment.com

Medical Questions:

Contact your provider directly

By using this platform, you acknowledge reading and understanding this disclaimer.