Security & Compliance

HIPAA Compliance

Last Updated: April 2026

What HIPAA Means for Your Practice

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes standards for protecting sensitive patient health information, known as protected health information (PHI). Any entity handling PHI, including medical billing companies, must implement appropriate safeguards to ensure the confidentiality, integrity, and availability of that information.

ClaimCure's Role as a Business Associate

As a medical billing company, Claim Cure Billing LLC operates as a HIPAA Business Associate. We are legally bound to protect PHI on behalf of our clients (covered entities) and assume the same obligations and liabilities for safeguarding patient information.

Business Associate Agreements (BAAs)

ClaimCure executes a BAA with every client before accessing any PHI. Our BAAs cover:

  • Permitted uses and disclosures of PHI
  • Required administrative, physical, and technical safeguards
  • Breach notification obligations and timelines
  • Return or destruction of PHI upon contract termination
  • Subcontractor compliance requirements

Our Technical Safeguards

  • End-to-end encryption (AES-256) for data at rest and in transit
  • Role-based access controls — staff access only necessary PHI
  • Multi-factor authentication (MFA) for all staff accessing PHI
  • Encrypted transmission over HTTPS/TLS
  • Secure data centers with physical access controls and surveillance
  • Automated audit logging of all PHI access and modifications

Our Administrative Safeguards

  • Annual HIPAA training mandatory for all employees and contractors
  • Designated Privacy Officer and Security Officer
  • Comprehensive written policies and procedures for PHI handling
  • Workforce sanction policy for HIPAA violations
  • Regular internal audits and risk assessments
  • Incident response plan with defined escalation procedures

ISO 27001 Certification

ClaimCure maintains ISO 27001 certification — the international standard for information security management. This means our security controls are independently audited, we maintain documented policies, and we operate within a continuous improvement framework.

Breach Notification Policy

In the unlikely event of a data breach involving PHI, ClaimCure will:

  • Notify affected clients within 60 days per the HIPAA Breach Notification Rule
  • Provide a detailed incident report
  • Support notification to affected patients and HHS if required
  • Implement corrective actions to prevent recurrence

Patient Rights & PHI Requests

Patients should contact their healthcare provider directly for PHI access requests. As a Business Associate, ClaimCure handles PHI at the direction of our covered entity clients.

Contact for HIPAA Questions

  • Email: info@claim-cure.com
  • Phone: (732) 626-8828
  • Address: 15 York Drive, Edison, New Jersey 08817