Security Policy 

 

At Turnkey AI Practice Inc, we take the security and privacy of protected health information (PHI) seriously. As a Business Associate, we implement administrative, physical, and technical safeguards designed to comply with the HIPAA Security Rule and protect the confidentiality, integrity, and availability of PHI

​

1. HIPAA Compliance

We maintain controls to protect all PHI created, received, maintained, or transmitted through our systems. These safeguards are designed to protect against reasonably anticipated threats, hazards, and unauthorized uses or disclosures, and to ensure workforce compliance with applicable security requirements

​​

2. Scope of Protection

Our HIPAA security scope includes all internal systems, infrastructure components, and external systems that interact with our sensitive data environment and may impact the confidentiality, integrity, or availability of PHI

​​

3. Business Associate Agreements

We enter into Business Associate Agreements (BAAs) with covered entities and require subcontractors to provide satisfactory assurance that PHI will be appropriately safeguarded before creating, receiving, maintaining, or transmitting PHI on our behalf

​​

4. Breach Response

A breach is defined as the acquisition, access, use, or disclosure of PHI in a manner not permitted under HIPAA that compromises its security or privacy. If a breach of unsecured PHI occurs, we notify covered entities without unreasonable delay and no later than 60 days after discovery and assist with required regulatory notifications

​

5. Policy Governance

Our Information Security Program policies are reviewed and approved at least annually. Required compliance documentation, including breach investigations, is retained for a minimum of six years

​​

For security or privacy inquiries, please contact us at info@turnkeyaipractice.io