HIPAA Compliance Statement
Protecting Patient Privacy and Securing Healthcare Operations
My Commitment to Healthcare Privacy
Oregon Counselor Directory is built on a foundation of trust, prioritizing the security and confidentiality of patient and provider data. While the directory operates as a directory service and is not inherently a direct Covered Entity under HIPAA, I voluntarily adhere to rigorous HIPAA-compliant standards to protect the integrity of the platform and secure any transmission of Protected Health Information (PHI).
Technical Safeguards
- Encryption in Transit: TLS 1.3 protected communications
- Encryption at Rest: AES-256 standard encryption
- Access Controls: Role-based Bcrypt hashing
- Audit Logging: Granular threat-identifying tracking
Business Associate Agreements
The directory operates on modern cloud infrastructure utilizing vendors who support HIPAA-compliant environments. Where applicable, I establish Business Associate Agreements (BAAs) with third-party vendors to ensure a continuous chain of security and compliance.
Administrative & Safeguards
Access to backend systems is strictly monitored and limited to authorized personnel using multi-factor authentication. Server environments are hosted within ISO 27001-certified and SOC 2 Type II compliant data centers with biometric security.
Secure Lead Generation
When patients contact verified Growth or Pro tier providers:
- Directory acts as intermediary; PHI not permanently stored
- Providers must ensure their own compliant reception systems
Provider Responsibility
It is the explicit responsibility of individual practitioners and clinics utilizing Oregon Counselor Directory to maintain their own HIPAA compliance regarding the reception, storage, and processing of patient data acquired through this platform.
Reporting & Contact
If you believe there has been a breach of unsecured protected health information or have questions regarding the security protocols, please contact me directly.
support@orcounselors.com