HIPAA Compliance

Our commitment to protecting your health information.

Last Updated: February 5, 2026

HIPAA Compliant Platform

MedNex maintains full compliance with HIPAA regulations to protect your Protected Health Information (PHI).

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. HIPAA includes:

  • Privacy Rule: Establishes standards for protecting individuals' medical records and other personal health information
  • Security Rule: Sets standards for protecting electronic protected health information (ePHI)
  • Breach Notification Rule: Requires notification following a breach of unsecured PHI
  • Enforcement Rule: Contains provisions relating to compliance and investigations

Our Commitment

MedNex is fully committed to maintaining the confidentiality, integrity, and availability of all Protected Health Information (PHI) that we create, receive, maintain, or transmit. We implement comprehensive administrative, physical, and technical safeguards to ensure HIPAA compliance.

Administrative Safeguards

Security Officer

Designated HIPAA Security Officer responsible for developing and implementing security policies.

Employee Training

All employees receive HIPAA training upon hire and annual refresher courses.

Policies & Procedures

Comprehensive written policies governing the use and disclosure of PHI.

Risk Assessment

Regular risk assessments to identify and mitigate potential vulnerabilities.

Physical Safeguards

  • Secure data centers with 24/7 physical security and surveillance
  • Biometric access controls and visitor management
  • Environmental controls (fire suppression, climate control)
  • Workstation security policies and clean desk requirements
  • Secure disposal of hardware containing PHI

Technical Safeguards

Data Encryption

AES-256 encryption for data at rest and TLS 1.3 for data in transit.

Access Controls

Role-based access control (RBAC) ensuring users only access necessary information.

Multi-Factor Authentication

MFA required for all user accounts to prevent unauthorized access.

Audit Logging

Comprehensive audit trails tracking all access to and modifications of PHI.

Automatic Session Timeout

Inactive sessions automatically terminate to prevent unauthorized access.

Business Associate Agreements

All third-party vendors and service providers who may access PHI are required to sign Business Associate Agreements (BAAs) that ensure they:

  • Implement appropriate safeguards to protect PHI
  • Report any security incidents or breaches promptly
  • Ensure their subcontractors also comply with HIPAA
  • Return or destroy PHI upon contract termination

Breach Notification

In the event of a breach of unsecured PHI, MedNex will:

  • Notify affected individuals within 60 days of discovery
  • Report to the Secretary of HHS as required by law
  • For breaches affecting 500+ individuals, notify prominent media outlets
  • Conduct a thorough investigation and implement corrective measures
  • Document the breach and maintain records for 6 years

Your HIPAA Rights

Under HIPAA, you have the right to:

Access Your Records

Obtain copies of your health information within 30 days of request.

Request Amendments

Ask for corrections to inaccurate information in your records.

Disclosure Accounting

Receive a list of who has accessed your health information.

Request Restrictions

Limit how your information is used or shared.

Confidential Communications

Request communications through specific channels or locations.

File Complaints

Report concerns to us or the HHS Office for Civil Rights.

Contact Our Privacy Officer

For HIPAA-related questions or to exercise your rights:

Email: hipaa@mednexapp.com
Address: 10560 NW 27th St, Unit 101, Doral, Florida 33172
Phone: (305) 209-0001