Back to Legal
Healthcare Compliance

HIPAA Compliance

Last updated: January 1, 2025

BAA available on requestHIPAA-trained professionals24hr breach notificationNDA before every placement

What Is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law that establishes national standards for the protection of sensitive patient health information (PHI). Any organisation that handles PHI on behalf of a covered entity is considered a Business Associate and must comply with HIPAA's Privacy Rule, Security Rule, and Breach Notification Rule.

BAA Available

Breeze.io as a Business Associate

When Breeze.io places professionals with healthcare clients who handle PHI, we act as a Business Associate under HIPAA. We are prepared to execute a Business Associate Agreement (BAA) with any covered entity client prior to an engagement beginning. Our BAA outlines each party's responsibilities with respect to PHI, including permitted uses and disclosures, safeguards required, and breach notification obligations.

Professional Vetting for Healthcare Roles

All professionals placed in healthcare-related roles go through an enhanced vetting process: • HIPAA awareness training verification • Background checks with healthcare-specific screening • NDA execution covering PHI handling • Skills assessment for prior authorisation, medical billing, EHR systems, and patient scheduling Professionals are not presented to healthcare clients until all vetting steps are completed and verified.

Data Handling Standards

Breeze.io and its placed professionals adhere to strict standards when handling PHI: • PHI is accessed only on a need-to-know basis • Professionals use client-provided, HIPAA-compliant systems only • PHI is never stored, transmitted, or shared outside of approved client systems • Any suspected breach of PHI is reported to the client within 24 hours of discovery

Security Safeguards

We require that all healthcare placements operate within environments that maintain: • Administrative safeguards: role-based access controls, workforce training, and incident response procedures • Physical safeguards: secure workstation use and device controls • Technical safeguards: encryption, audit controls, and automatic logoff

Breach Notification

In the event of a suspected or confirmed breach involving a Breeze-placed professional, we will: • Notify the affected client within 24 hours of discovery • Provide a written incident report within 5 business days • Cooperate fully with the client's breach response and any regulatory investigation • Take immediate corrective action with the relevant professional

Requesting a BAA

If you are a covered entity and require a signed Business Associate Agreement, contact us at legal@breeze.io. We will provide and execute a BAA prior to any engagement beginning.