HIPAA Compliance

Last Updated: January 2026

Green Doctors is fully committed to maintaining compliance with the Health Insurance Portability and Accountability Act (HIPAA). We implement comprehensive safeguards for your protected health information (PHI) at every level of our platform.

HIPAA-Compliant Healthcare Platform

Industry-leading security for your protected health information

1. Our Commitment to HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards to protect individuals' medical records and other personal health information. As a healthcare technology platform, Green Doctors is classified as a covered entity and maintains full HIPAA compliance across all operations.

Our compliance program encompasses the HIPAA Privacy Rule, Security Rule, Breach Notification Rule, and the HITECH Act. We conduct annual risk assessments, maintain comprehensive policies and procedures, and ensure all team members receive regular training on HIPAA requirements and best practices.

2. Technical Security Safeguards

We implement multiple layers of technical security to protect your health information from unauthorized access, alteration, or disclosure:

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. This ensures your PHI cannot be intercepted or read by unauthorized parties at any point.

Access Controls

Role-based access control (RBAC) ensures that only authorized personnel can access PHI. Multi-factor authentication (MFA) is required for all staff accessing patient records.

Audit Logging

Every access to PHI is logged with timestamps, user identification, and action details. Audit logs are reviewed regularly and retained for a minimum of 6 years as required by HIPAA.

Secure Infrastructure

Our platform is hosted on HIPAA-compliant cloud infrastructure with SOC 2 Type II certification. Regular penetration testing and vulnerability assessments are conducted by third-party security firms.

3. Administrative Safeguards

Beyond technical measures, we maintain comprehensive administrative safeguards to ensure HIPAA compliance throughout our organization:

  • Designated Privacy Officer: A dedicated HIPAA Privacy Officer oversees all privacy-related policies, procedures, and incident response protocols.
  • Staff Training: All employees and contractors receive mandatory HIPAA training upon hire and annual refresher courses. Training covers PHI handling, breach recognition, and incident reporting.
  • Business Associate Agreements (BAAs): We maintain signed BAAs with all third-party vendors who may access or process PHI, including cloud providers, payment processors, and communication platforms.
  • Risk Assessments: Annual comprehensive risk assessments are conducted to identify potential vulnerabilities and implement corrective actions proactively.
  • Incident Response Plan: A documented incident response plan outlines procedures for detecting, reporting, and mitigating any potential data breaches within the required 60-day notification window.

4. Physical Safeguards

We maintain physical safeguards to protect the facilities and equipment where PHI is stored and accessed:

  • Data centers are equipped with 24/7 surveillance, biometric access controls, and environmental monitoring systems.
  • Workstations that access PHI are secured with automatic screen locks, disk encryption, and endpoint detection and response (EDR) software.
  • Disposal of hardware containing PHI follows Department of Defense (DoD) standard data sanitization protocols.
  • Remote access to PHI is only permitted through encrypted VPN connections with multi-factor authentication.

5. Your HIPAA Rights

Under HIPAA, you have important rights regarding your protected health information. We are committed to honoring these rights:

Right to Access

You can request and obtain a copy of your complete health records maintained by Green Doctors within 30 days of your request.

Right to Amend

You can request corrections or amendments to your health records if you believe the information is inaccurate or incomplete.

Right to Restrict

You can request restrictions on certain uses and disclosures of your PHI, including for treatment, payment, or healthcare operations.

Right to Accounting

You can request an accounting of disclosures, which is a list of instances where we shared your PHI with third parties in the past 6 years.

Right to Confidential Communication

You can request that we communicate with you through alternative means or at specific locations to maintain your privacy.

Right to Notice

You have the right to receive a copy of our Notice of Privacy Practices, which describes how we use and protect your health information.

6. Breach Notification

In the unlikely event of a data breach affecting your protected health information, we follow strict breach notification protocols as required by the HIPAA Breach Notification Rule and the HITECH Act:

  • Individual Notice: Affected individuals will be notified in writing within 60 days of discovering the breach, detailing the nature of the breach, types of information involved, and recommended protective steps.
  • HHS Notification: We will report the breach to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights as required by law.
  • Media Notice: If a breach affects more than 500 individuals in a single state, we will issue a media notice to prominent outlets as required.
  • Remediation: Immediate corrective actions will be taken to contain the breach, prevent further exposure, and strengthen our security measures.

7. Filing a Complaint

If you believe your HIPAA rights have been violated or that we have not properly safeguarded your health information, you have the right to file a complaint:

  • With Green Doctors: Contact our Privacy Officer at compliance@greendoctors.com. We will investigate your complaint and respond within 30 days.
  • With HHS: You may also file a complaint directly with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.

8. Policy Updates

We review and update our HIPAA compliance program annually, or more frequently as regulations change. Any material updates to this compliance page will be communicated through our website. We also conduct quarterly internal audits to ensure ongoing adherence to all HIPAA requirements. Our commitment to protecting your health information is continuous and evolving as security standards and regulations advance.

Have HIPAA-Related Questions?

Our Privacy Officer and compliance team are available to address any questions or concerns about how we protect your health information.