HIPAA-Ready Platform

HIPAA Compliance Statement

How Praxamed is built to protect patient health information and support your practice's HIPAA compliance obligations.

Important: This document describes Praxamed's technical infrastructure and security practices. HIPAA compliance requires both appropriate technology and proper administrative policies from your practice. Consult a qualified HIPAA compliance professional for guidance specific to your situation. This is not legal advice.

Business Associate Agreements (BAA)

Praxamed signs Business Associate Agreements with healthcare practices that use our platform to handle Protected Health Information. A BAA is required by HIPAA before sharing PHI with any vendor.

To request a BAA, contact: privacy@praxamed.com

How Praxamed Protects Patient Health Information

Technical Safeguards

  • AES-256 encryption for all data at rest
  • TLS 1.2+ encryption for all data in transit
  • Role-based access controls (staff see only what their role requires)
  • Comprehensive audit logs for all PHI access (who, what, when)
  • Automatic session timeouts after inactivity
  • Multi-factor authentication (MFA) support
  • Secure credential storage with bcrypt hashing
  • Regular security patching and vulnerability management

Physical Safeguards

  • Cloud infrastructure hosted in SOC 2 Type II certified data centers
  • Physical access controls managed by cloud infrastructure provider
  • Geographic redundancy for data availability
  • No on-premise servers to secure at practice locations

Administrative Safeguards

  • Business Associate Agreements available for all covered entities
  • Data processing agreements with all subprocessors
  • Employee training on HIPAA requirements
  • Documented breach notification procedures
  • Regular review of security policies and procedures
  • Vendor risk management for subprocessors

HIPAA Frequently Asked Questions

Is Praxamed HIPAA compliant?

Praxamed is built on HIPAA-ready infrastructure and follows HIPAA Security Rule requirements for technical safeguards. We sign Business Associate Agreements with covered entities. Note: HIPAA compliance requires both technical infrastructure and proper administrative policies from your practice.

Does Praxamed sign a Business Associate Agreement (BAA)?

Yes. Praxamed signs Business Associate Agreements with healthcare practices that use our platform to handle Protected Health Information. Contact privacy@praxamed.com to request a BAA.

How does Praxamed protect patient data?

Patient data in Praxamed is protected with AES-256 encryption at rest and TLS 1.2+ encryption in transit. We implement role-based access controls, comprehensive audit logging, session management with automatic timeouts, and multi-factor authentication support.

What are my practice's responsibilities for HIPAA compliance?

HIPAA compliance is a shared responsibility. Praxamed provides HIPAA-ready technical infrastructure, but your practice is responsible for administrative safeguards including: designating a HIPAA Privacy and Security Officer, conducting annual risk assessments, training staff on HIPAA requirements, maintaining written policies and procedures, and having a documented breach response plan. Technology alone does not make a practice HIPAA compliant.

Does Praxamed disclose patient data to third parties?

Praxamed does not sell or share PHI for marketing or research purposes. PHI is shared only as directed by the practice (e.g., clearinghouse submission for insurance claims) or as required by law. We maintain data processing agreements with all subprocessors that handle PHI.

Security Incident & Breach Notification

In the event of a security incident affecting PHI, Praxamed will notify affected practices in accordance with HIPAA's Breach Notification Rule, which requires notification to affected individuals and HHS within 60 days of discovery.

To report a security concern or suspected breach: security@praxamed.com