Compliance

HIPAA Compliance Notice

RCMAXIS Health Services is committed to protecting the privacy and security of Protected Health Information (PHI) in full compliance with HIPAA regulations.

Our HIPAA Commitment

As a Business Associate to healthcare providers across the United States, RCMAXIS Health Services adheres to all requirements of the Health Insurance Portability and Accountability Act (HIPAA), including the Privacy Rule, Security Rule, and Breach Notification Rule.

  • 100% HIPAA Compliant
  • SOC 2 Type II Certified
  • 256-bit AES Encryption
  • 24/7 Security Monitoring

Business Associate Agreements

RCMAXIS executes Business Associate Agreements (BAAs) with all healthcare provider clients before accessing or processing any PHI. Our BAAs comply with 45 CFR 164.504(e) and clearly define permitted uses, safeguards, and breach notification obligations.

Administrative Safeguards

  • Designated HIPAA Privacy and Security Officers
  • Comprehensive workforce training on HIPAA requirements (annual + onboarding)
  • Documented policies and procedures for PHI handling
  • Regular risk assessments and security audits
  • Sanctions policy for workforce violations
  • Incident response and breach notification procedures

Technical Safeguards

  • Unique user identification and multi-factor authentication
  • Role-based access controls with minimum necessary standard
  • Automatic session timeouts and workstation security
  • Audit logging and monitoring of all PHI access
  • 256-bit AES encryption for data at rest and TLS 1.3 for data in transit
  • Secure backup and disaster recovery procedures

Physical Safeguards

  • Controlled facility access with biometric authentication
  • CCTV surveillance of all work areas
  • Clean desk policy enforcement
  • Secure disposal of physical media containing PHI
  • Visitor access controls and escort requirements

Breach Notification

In the event of a breach of unsecured PHI, RCMAXIS will notify affected covered entities within 24 hours of discovery, well within the 60-day HIPAA requirement. Our incident response team conducts thorough investigations and provides detailed breach reports including scope assessment, mitigation steps, and preventive measures.

Your Rights Regarding PHI

As a patient of our healthcare provider clients, you have the right to:

  • Request access to your medical records
  • Request amendments to your health information
  • Receive an accounting of disclosures
  • Request restrictions on certain uses of your PHI
  • File a complaint if you believe your privacy rights have been violated

Please direct all patient privacy requests to your healthcare provider. For questions about our HIPAA compliance program, contact our Privacy Officer at yagnesh@rcmaxis.com.