HIPAA Notice of Privacy Practices

Last updated: May 22, 2026 · Effective Date: January 1, 2024

Important Notice: This HIPAA Notice applies to Staffing For Doctors, Inc. in its capacity as a Business Associate under the Health Insurance Portability and Accountability Act (HIPAA). We are not a Covered Entity. Our obligations arise through Business Associate Agreements (BAAs) executed with our client healthcare practices.

Our Role Under HIPAA

Staffing For Doctors, Inc. provides virtual staffing services to healthcare practices. When our placed staff access, use, or disclose Protected Health Information (PHI) on behalf of your practice, we act as your Business Associate under HIPAA.

As a Business Associate, we are required to:

  • Use and disclose PHI only as permitted by our BAA with you and as required by law
  • Implement appropriate safeguards to protect PHI
  • Report any breach or security incident involving PHI
  • Ensure that any subcontractors who access PHI are bound by the same obligations
  • Return or destroy PHI upon termination of our agreement

How We Use and Disclose PHI

We only use or disclose PHI as directed by your practice and as permitted under your BAA. Common permitted uses include:

  • Performing services on your behalf, such as scheduling, documentation, prior authorization, and billing support
  • Providing oversight and quality assurance of placed staff performance
  • As required by law, including public health activities or law enforcement

We do not use or disclose PHI for our own marketing purposes or sell PHI to third parties.

Safeguards We Maintain

We implement the following to protect PHI:

  • Technical safeguards: 256-bit SSL encryption, multi-factor authentication, role-based access controls, and encrypted communications
  • Physical safeguards: Audited workstations and device security requirements for all placed staff
  • Administrative safeguards: Mandatory HIPAA training for all staff before placement, annual refreshers, and incident response procedures
  • Subcontractor agreements: All vendors who may access PHI are bound by equivalent protections

For a deeper look at how we keep these controls audit-ready, see our guide to HIPAA audit log requirements for virtual medical staff.

Breach Notification

In the event of a breach involving PHI, Staffing For Doctors will notify the affected Covered Entity (your practice) without unreasonable delay and no later than 60 calendar days after discovery of the breach, as required by the HIPAA Breach Notification Rule.

To report a potential breach or security concern, contact us immediately at info@staffingfordoctors.com or 833-503-1289.

Business Associate Agreement (BAA)

We execute a Business Associate Agreement with every client practice before any staff placement occurs. The BAA defines the permitted uses and disclosures of PHI, our obligations, and the obligations of both parties under HIPAA.

To request a copy of our standard BAA or to discuss your specific requirements, contact us at info@staffingfordoctors.com.

Staff Training and Certification

Every virtual assistant, scribe, and coordinator placed by Staffing For Doctors completes mandatory HIPAA certification before their first day. This training covers:

  • What constitutes PHI and how to identify it
  • Permitted and prohibited uses and disclosures
  • Minimum necessary standards
  • Security incident reporting procedures
  • Patient rights under HIPAA

Annual refresher training is required for all active placements.

Your Practice's Rights

As a Covered Entity, your practice retains the right to:

  • Receive notice of any breach or unauthorized use/disclosure of PHI
  • Terminate the BAA if we materially breach our obligations
  • Request documentation of our HIPAA safeguards and training programs
  • Audit our compliance upon reasonable notice

Contact Our Privacy Officer

For questions about this notice, our HIPAA practices, or to report a concern:

To file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights: hhs.gov/ocr/complaints. We will not retaliate against you for filing a complaint.