Effective Date: 5/1/2025

At AstraMD LLC,  protecting patient health information is at the core of our operations. As a company incorporated in the State of Delaware and providing services to healthcare providers, billing companies, and related entities, we fully comply with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).

HIPAA is a federal law that mandates the secure handling of Protected Health Information (PHI). It ensures:

· - Privacy of patient data

· - Security of electronic records

· - Notification in case of data breaches

· - Accountability of third-party vendors (Business Associates)

At AstraMD, we take the following steps to ensure HIPAA compliance:

· - Business Associate Agreements (BAAs): All vendors, contractors, and remote employees who may access PHI are required to sign a BAA.

· - Data Security: We use secure systems and best practices to protect PHI in both electronic and physical formats.

· - Access Control: Only authorized personnel can access patient data, and access is logged and monitored.

· - Training: Our team members receive training on HIPAA policies, data handling, and breach prevention.

· - Incident Response: In the unlikely event of a breach, we follow strict notification protocols in compliance with HIPAA Breach Notification Rules.

AstraMD utilizes trained remote employees to support outreach, marketing, and administrative tasks. All remote operations are conducted under strict HIPAA guidelines to protect PHI across borders and platforms.

As required by HIPAA, individuals have the right to:

· - Access and request copies of their health information

· - Request corrections to their records

· - Receive a report of how their data was used or disclosed

· - File complaints regarding potential privacy violations

If you have questions about our HIPAA compliance or wish to report a concern, please contact:

AstraMD LLC
Email: contact@astramd.com
Phone: (510) 315-3759