Do you sign HIPAA, BAA, or other confidentiality agreements?
We maintain ongoing compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) and is able to process, maintain and store protected health information for any entities restricted by these regulations. On request, we will sign a business associate agreement (BAA) with your organization. HIPAA support is currently only available on a Business Plan.
Please note that we will provide you our BAA for you to sign.
Do you have a copy of the BAA for my legal counsel to review?
Yes, you can find our Business Associate Agreement in our terms section. Please note that the BAA is only for review and must be signed by both parties before it can go into effect.
Can a government agency use VPM as a Business Associate?
We do not work with government agencies acting as Covered Entities in this relationship. If you are a government agency, please note we would not be able to service your needs in this case.
Where is VPM customer data hosted?
Our entire infrastructure is hosted on Amazon Web Services (AWS), which is a highly scalable cloud computing platform with privacy and end-to-end security built in. AWS is also HIPAA compliant.
What sort of security is in place?
Please see our Data Processing Addendum for full details on how we store and process your data.
In addition, all physical mail is trashed in secure and locked trash bins. We have mobile shredding companies who shred all mail on-site.
Will you sign our company's BAA instead of using VPM's BAA?
No, unfortunately we do not use your company's BAA. This is because using your company's BAA will require us to get our lawyer to review the agreement. The effort and cost involved is not worth the price that we charge you.