top of page

IV ME UP
HIPAA Compliance Policy

Last updated: June 8, 2025

Sunset

IV ME UP is fully committed to maintaining the confidentiality, integrity, and availability of Protected Health Information (“PHI”) in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (“HITECH”), and their implementing regulations (45 C.F.R. Parts 160 and 164), as well as applicable state laws governing health information.

1. Purpose

This policy outlines IV ME UP’s practices and obligations related to the collection, use, disclosure, and protection of PHI, ensuring that patient information is handled in compliance with all relevant laws.

 

2. Scope

This policy applies to all IV ME UP employees, contractors, licensed medical professionals, and any other workforce members or agents who may have access to PHI in the course of providing services.

 

3. Definition of PHI

Protected Health Information (PHI) includes any individually identifiable health information transmitted or maintained in any form, whether electronic, paper, or oral, that relates to:

  • The individual’s past, present, or future physical or mental health or condition;
     

  • The provision of health care to the individual; or
     

  • The past, present, or future payment for the provision of health care to the individual.

 

4. Permitted Uses and Disclosures of PHI

IV ME UP may use and disclose PHI for the following purposes without patient authorization:

  • Treatment: Coordinating or managing care with other healthcare providers.
     

  • Payment: Billing and collecting for services rendered.
     

  • Healthcare Operations: Quality assessments, credentialing, training, and operational management.
     

Other uses or disclosures require explicit, written authorization by the patient or legally authorized representative, which may be revoked at any time in writing.

 

5. Minimum Necessary Standard

We limit access to PHI to the minimum necessary information needed to perform a given function. Staff receive training on appropriate data access levels according to their roles.

 

6. Safeguards

IV ME UP implements reasonable and appropriate:

  • Administrative safeguards: HIPAA training, policies, access controls.
     

  • Technical safeguards: Encrypted communications, password-protected systems, role-based access.
     

  • Physical safeguards: Secure storage areas, limited facility access, locked file cabinets.

 

7. Patient Rights

Under HIPAA, patients have the following rights:

  • Access to inspect or receive a copy of their PHI
     

  • Request correction/amendment of incorrect or incomplete PHI
     

  • Request restrictions on certain uses and disclosures
     

  • Request confidential communication by alternative means or locations
     

  • Receive an accounting of disclosures
     

  • Receive a copy of this HIPAA Policy and our Notice of Privacy Practices
     

Requests may be submitted in writing to the Privacy Officer (see Section 10).

 

8. Third-Party Disclosures & Business Associates

IV ME UP utilizes secure third-party platforms such as Square (for payment processing) and IntakeQ (for electronic intake and medical record management) to deliver and support our services. These platforms are independently responsible for maintaining HIPAA compliance and safeguarding any Protected Health Information (PHI) they process on our behalf. While we do not enter into formal Business Associate Agreements (BAAs) with these platforms directly, we only partner with vendors who publicly represent and document their compliance with applicable data privacy and security standards.

 

9. Data Breaches & Notification

IV ME UP will notify affected individuals, the Secretary of Health and Human Services, and (when required) the media in the event of a breach of unsecured PHI. Notification will occur without unreasonable delay and no later than 60 days from the discovery of the breach.

 

10. Complaints and Contact Information

Individuals who believe their privacy rights have been violated may file a complaint with IV ME UP or directly with the U.S. Department of Health and Human Services (HHS). We will not retaliate against anyone who files a complaint.

Contact for HIPAA-related inquiries or complaints:
Privacy Officer – IV ME UP
Email: info@ivmeup.com
Phone: (949) 478-5188

 

11. Enforcement and Sanctions

Violations of this HIPAA Policy by staff or contractors may result in disciplinary action, including termination and legal consequences. All workforce members are required to report suspected violations immediately.

 

12. Policy Updates

This policy may be revised at any time to reflect changes in the law or IV ME UP’s operations. The most current version will always be made available via our website and upon request.

bottom of page