Federal Healthcare Compliance

HIPAA Compliance Statement

Codes-For-MD's unwavering commitment to securing Protected Health Information (PHI) and maintaining enterprise healthcare integrity.

HIPAA Compliant Architecture

Codes-For-MD's software platforms, claim scrubbers, and professional RCM workflows are fully certified and engineered to exceed federal HIPAA security mandates.

Our HIPAA Commitment

Codes-For-MD is steadfast in maintaining the utmost confidentiality, integrity, and availability of all Protected Health Information (PHI) entrusted to our care. We adhere strictly to the regulations mandated by the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Health Information Technology for Economic and Clinical Health (HITECH) Act, and subsequent modifications enacted by the Department of Health and Human Services (HHS).

Administrative Safeguards

We enforce rigorous internal governance and administrative policies to ensure organizational compliance:

  • Designated Compliance Officers: Active appointment of dedicated HIPAA Privacy and Security Officers overseeing all operational workflows.
  • Mandatory Workforce Training: Comprehensive annual HIPAA security training and certification required for all medical billers, software engineers, and administrative personnel.
  • Access Authorization: Strict formal vetting, background checks, and documented authorization procedures for employees handling PHI.
  • Risk Assessments: Bi-annual enterprise risk assessments and vulnerability analyses to identify and mitigate emerging security threats.

Physical Safeguards

Codes-For-MD maintains secure physical facilities and certified infrastructure environments:

  • Certified Data Centers: All production servers and databases are hosted in ISO 27001 and SOC 2 Type II certified biometric data centers with 24/7 armed security.
  • Workstation Security: Mandatory encrypted hard drives, automatic screen locks, and restricted physical access to corporate operational floors.
  • Media Sanitization: Strict protocols for the tracking, wiping, and physical shredding of obsolete electronic media or physical billing documents containing PHI.

Technical Safeguards

Our software stack incorporates advanced technical controls to prevent unauthorized electronic access:

  • End-to-End Encryption: All PHI is encrypted at rest using AES-256 and in transit utilizing TLS 1.3 encryption protocols.
  • Identity & Access Management (IAM): Unique user identifiers, mandatory Multi-Factor Authentication (MFA), and automated session timeouts after periods of inactivity.
  • Audit Controls: Immutable, automated logging of all user logins, logouts, patient record accesses, and administrative modifications.
  • Integrity Mechanisms: Checksum verification and database constraints to guarantee that clinical data remains unaltered and uncorrupted.

Business Associate Agreements (BAAs)

As a professional Revenue Cycle Management organization and cloud software vendor, Codes-For-MD executes legally binding Business Associate Agreements (BAAs) with all covered entities, medical practices, and healthcare organizations prior to the transmission or processing of PHI. To request an official BAA for your hospital or clinic, please contact our compliance team.

Breach Notification Protocols

In the highly unlikely event of a security incident or suspected data breach involving unsecured PHI, Codes-For-MD executes a rapid incident response plan. We are legally bound to notify all affected covered entities, clients, and the Secretary of the Department of Health and Human Services (HHS) without unreasonable delay, adhering strictly to the timelines established under the HIPAA Breach Notification Rule.

Client & User Responsibilities

To maintain a fully secure ecosystem, partner organizations and individual healthcare providers utilizing Codes-For-MD platforms are responsible for:

  • Safeguarding multi-factor authentication devices and portal login credentials
  • Logging out of active sessions when leaving clinical or administrative workstations
  • Adhering to the "Minimum Necessary" standard when sharing clinical details or claim attachments
  • Promptly reporting any suspected unauthorized access or phishing attempts to Codes-For-MD security

Contact Our Compliance Officers

For BAA execution, security whitepapers, or HIPAA compliance inquiries, please contact our designated officers:

HIPAA Privacy Officer: privacy@codes-for-md.com
HIPAA Security Officer: security@codes-for-md.com

© 2026 Codes-For-MD. All rights reserved. HIPAA Compliant & SOC-2 Type II Certified.