HIPAA Statement

Our commitment to protecting health information

HIPAA Statement

Our Commitment to HIPAA Compliance

CrisPRO is committed to protecting the privacy and security of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations.

HIPAA Compliance Framework

Administrative Safeguards

  • Security Officer designation and responsibilities
  • Workforce training and access management
  • Information access management procedures
  • Security awareness and training programs
  • Security incident procedures
  • Contingency plans for emergencies

Physical Safeguards

  • Facility access controls
  • Workstation use restrictions
  • Device and media controls
  • Secure data centers with restricted access

Technical Safeguards

  • Access control systems
  • Audit controls and monitoring
  • Integrity controls for PHI
  • Person or entity authentication
  • Transmission security measures

Business Associate Agreements

CrisPRO enters into Business Associate Agreements (BAAs) with covered entities to ensure:

  • Appropriate safeguards for PHI
  • Compliance with HIPAA requirements
  • Proper use and disclosure limitations
  • Incident reporting procedures

Patient Rights

Under HIPAA, patients have the right to:

  • Access their PHI
  • Request amendments to their PHI
  • Request restrictions on use and disclosure
  • Request confidential communications
  • File complaints about privacy practices

Data Handling Practices

Minimum Necessary Standard

We access, use, and disclose only the minimum amount of PHI necessary to accomplish the intended purpose.

De-identification

When possible, we use de-identified health information to reduce privacy risks.

Breach Notification

We have procedures in place to detect, report, and respond to breaches of PHI.

Training and Awareness

All CrisPRO employees receive regular HIPAA training covering:

  • Privacy and security requirements
  • Proper handling of PHI
  • Incident reporting procedures
  • Patient rights and responsibilities

Contact

For HIPAA-related questions or to report a privacy concern, please contact our Privacy Officer at jedi@jedilabs.org.

Effective Date: July 20, 2025

Related Pages

Have questions?

Contact Us