HIPAA Compliance

Last Updated: March 19, 2024

1. HIPAA Overview

SupervisionCompass is committed to maintaining the privacy and security of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.

2. Our Role

As a platform facilitating clinical supervision, we may act as a Business Associate to healthcare providers. We maintain appropriate safeguards to protect PHI and comply with HIPAA requirements.

3. Administrative Safeguards

  • Designated HIPAA compliance officer
  • Regular workforce training on privacy and security
  • Comprehensive policies and procedures
  • Risk assessment and management
  • Incident response procedures

4. Physical Safeguards

  • Secure data centers with controlled access
  • Environmental controls and monitoring
  • Device and media controls
  • Workstation security measures

5. Technical Safeguards

  • Encryption of data in transit and at rest
  • Multi-factor authentication
  • Access controls and audit logs
  • Secure communication protocols
  • Regular security updates and patches

6. Privacy Practices

  • Minimum necessary use and disclosure
  • Individual rights protection
  • Notice of privacy practices
  • Breach notification procedures

7. Business Associate Agreements

We enter into Business Associate Agreements (BAAs) with covered entities and other business associates as required by HIPAA. These agreements ensure appropriate safeguards for PHI.

8. Incident Response

We have established procedures to follow in the event of a potential breach of PHI, covering:

  • Immediate assessment and containment
  • Notification to affected individuals
  • Reporting to regulatory authorities
  • Documentation and investigation

9. User Responsibilities

Users of our platform must:

  • Maintain the confidentiality of PHI
  • Use secure communication methods
  • Report potential breaches immediately
  • Comply with applicable privacy laws

10. Training and Awareness

We provide regular training to our workforce on HIPAA requirements and maintain awareness of privacy and security best practices.

11. Audits and Monitoring

We conduct regular audits and monitoring to ensure compliance with HIPAA requirements and identify potential security vulnerabilities.

Contact Information

For questions about our HIPAA compliance, please contact:

Arkline Systems, LLC
Email: hipaa@arklinesystems.com