CareLink is Built from the Ground Up for Security

CareLink Security

CareLink is designed to comply with all security requirements for storing and transmitting Protected Health Information (PHI). CareLink takes great care to ensure that data communicated between care facilities and our providers is submitted and stored securely.

PHI transmitted to CareLink systems is protected using industry-standard encryption (TLS 1.2 or higher). CareLink’s infrastructure incorporates layered security controls and redundant backup capabilities designed to support the confidentiality, integrity, and availability of electronic protected health information.

To support the protection of PHI, CareLink has implemented a security architecture that includes secure application access, encrypted communications, and authenticated database connections. These controls are designed to provide:

  • Controlled access to information: Role-based permissions and authenticated user identities to limit access to authorized users only.
  • Security over the transmission of information: Encrypted data in transit using industry-standard protocols.
  • File and data integrity protections: Safeguards designed to help prevent unauthorized alteration or destruction of information.

CareLink HIPAA Statement (Last Updated 12/2024)

House Calls of Arizona, LLC dba CareLink Mobile Practice Manager (“CareLink,” “we,” “our,” or “us”) provides cloud-based software services designed to support healthcare operations. CareLink acts as a Business Associate as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and is committed to maintaining administrative, physical, and technical safeguards designed to protect the confidentiality, integrity, and availability of protected health information (“PHI”).

This statement summarizes the measures CareLink has implemented to support HIPAA compliance. It does not modify or replace any Business Associate Agreement (BAA) or customer contract.

My Mobile Practice Manager Administrative, Physical and Technical Safeguards

CareLink maintains written administrative, technical, and physical safeguards consistent with the HIPAA Security Rule. These include documented policies and procedures, workforce training, access management, and ongoing risk management activities.

Access to systems that may contain PHI is restricted to authorized users through unique user credentials. Role-based permissions are used to limit access to information based on job function. Customers are responsible for managing their internal users and ensuring appropriate access levels.

CareLink is hosted in U.S.-based secured data center environments with layered physical and electronic security controls designed to reduce the risk of unauthorized access, environmental threats, and service disruption.

CareLink systems are monitored to support availability, detect unauthorized activity, and maintain audit records of system access.

Application Security, Encryption, and Data Backup

CareLink employs commercially reasonable technical controls to protect electronic PHI, including:

  • Encrypted transmission of data using industry-standard transport layer security (TLS).
  • Encrypted storage of sensitive data within CareLink-managed systems.
  • Network protections including firewalls, access controls, and monitoring tools.
  • Secure authentication mechanisms and optional multi-factor authentication.
  • Logical separation of environments and controlled administrative access.

CareLink maintains documented backup and recovery processes intended to support system availability and data integrity. Backups are performed regularly and stored in secured environments separate from production systems.

No system can be guaranteed to be completely secure. CareLink’s safeguards are designed to reduce risk and support compliance with applicable HIPAA Security Rule requirements.

My Mobile Practice Manager Fax Security Measures

CareLink provides secure electronic fax and messaging functionality intended to support HIPAA-compliant workflows. Safeguards include:

  • Controlled system access and authentication
  • Encrypted transmission of fax and message content
  • Audit logging of fax activity
  • Secure system environments for fax processing

Message and fax retention is governed by system configuration and customer usage. Copies of information may exist within audit logs, backups, or continuity systems in accordance with documented retention and recovery practices.

Customers are responsible for configuring retention and access controls in a manner consistent with their compliance obligations.

Use of Subcontractors and Third Parties

CareLink may engage subcontractors to support hosting, infrastructure, support services, and platform operations. All CareLink services, including hosting, software development, and technical support, are based in the United States. CareLink does not use offshore contractors, and PHI is not shared with or accessed by any non-U.S.-based workforce or service provider.

Where subcontractors may have access to PHI, CareLink maintains Business Associate Agreements or equivalent contractual safeguards as required by HIPAA.

Access by subcontractors is limited to the minimum necessary to perform contracted services and is subject to security, confidentiality, and compliance requirements.

CareLink may use and disclose PHI as permitted by HIPAA to support treatment, payment, and healthcare operations on behalf of its customers.

Annual HIPAA Risk Assessment

CareLink conducts periodic risk assessments consistent with the HIPAA Security Rule to evaluate potential threats and vulnerabilities to electronic PHI. These assessments support the ongoing implementation of security measures, policies, and risk mitigation activities.

For questions regarding this HIPAA statement, please email us at hipaa@mymobilepracticemanager.com.