HIPAA + HITECH Security Features Statement

YourMD Telehealth complies with HIPAA (45 CFR Part 160 & 164) and HITECH Act security requirements for telehealth, e-prescribing, and PHI protection.

Administrative Safeguards

Workforce Training

Mandatory HIPAA/HITECH training for all personnel
Annual security awareness refreshers
Role-specific privacy training
Incident response drills

Access Controls

Role-based access controls (RBAC)
Principle of least privilege
Regular access reviews
Immediate termination procedures

Risk Management

Mandatory annual security risk assessments
Vulnerability scanning and penetration testing
Risk mitigation planning
Third-party vendor assessments

Continuous Monitoring

24/7 security operations center
Real-time breach detection
Automated threat intelligence
Suspicious activity alerts

Physical Safeguards

Data Center Security

Tier III+ HIPAA-compliant data centers
SOC 2 Type II certified facilities
Biometric access controls
24/7 physical security personnel

Facility Access

Multi-factor entry authentication
Visitor escort requirements
Security camera surveillance
Environmental monitoring

Data Backup & Recovery

Redundant off-site encrypted backups
Automated daily backup procedures
Tested disaster recovery plans
99.99% uptime SLA

Technical Safeguards

Encryption Standards

At Rest: AES-256 encryption
In Transit: TLS 1.3 protocol
Key management with HSM
Certificate pinning

User Authentication

Multi-Factor Authentication (MFA)

SMS/Voice verification
Authenticator app support
Hardware token compatibility
Biometric options

Time-Based One-Time Passwords (TOTP)

30-second token rotation
RFC 6238 compliant
Backup codes available
QR code enrollment

NIST IAL2 Identity Assurance

Government ID verification
Liveness detection
Knowledge-based authentication
Address verification

Platform Security

reCAPTCHA v3: Advanced bot detection
Anomaly Detection: ML-powered unauthorized login detection
Intrusion Prevention: Real-time threat blocking
Anti-phishing: Domain monitoring and email security

Audit Trail & Compliance

PHI Access Logging

Who accessed what data
When access occurred
What actions were taken
Source IP and device

Provider Activity

Login/logout events
Patient record views
Prescription history
System modifications

System Events

Security incidents
Failed login attempts
Permission changes
Data exports

All audit logs are retained per HIPAA 45 CFR §164.312(b) requirements (minimum 6 years)

Incident Response & Breach Notification

0-1 Hour

Detection & Containment

Automated detection systems identify and contain potential breaches

1-24 Hours

Initial Assessment

Security team evaluates scope and impact of incident

24-72 Hours

Notification

Affected users notified per HITECH Act requirements

72+ Hours

Remediation

Full forensic review and security improvements implemented

Certifications & Compliance

HIPAA Compliant

HITECH Certified

SOC 2 Type II

NIST 800-53

Security Questions?

For security inquiries or to report a concern:

YourMD Security Team
📧 security@yourmd.online
📞 Security Hotline: (702) 430-7801

For urgent security matters, please call immediately.

Return to Home Privacy Policy