Security & Compliance

Your Data Is Protected.

We take data security as seriously as we take clinical accuracy. Every system, process, and access point is built around protecting your practice, your patients, and their protected health information (PHI).

Section 1

HIPAA Compliance

✓

HIPAA Certified

Formal training completed by all staff members. Policies documented and reviewed annually.

✓

BAA Executed

Business Associate Agreement signed with every client before any data access.

✓

Minimum Necessary Standard

Access limited to only the patient data required for each specific authorization.

✓

Incident Response Plan

Documented breach notification procedures in compliance with HIPAA requirements.

Section 2

Technology & Access Controls

✓

Encrypted VPN

All EHR and portal sessions conducted via enterprise-level NordLayer VPN.

✓

Secure Credential Management

Bitwarden enterprise vault with two-factor authentication on all devices.

✓

Dedicated EHR Credentials

Jennifer’s own login — never shared access. Full audit trail in your EHR.

✓

Delegate Portal Access

We work through your payer portal accounts under our credentialing — not our own system. Your data stays on your systems.

Section 3

Insurance & Liability

✓

E&O / Professional Liability

Errors & Omissions coverage on all authorization services.

✓

Cyber Liability Coverage

Active policy protecting against data breach, cyber incidents, and related claims.

✓

General Business Liability

Standard commercial coverage for all business operations.

Fully insured for everything we touch — period.

Section 4

Device & Physical Security

✓

Encrypted Drives

BitLocker full-disk encryption on all devices used for client work.

✓

Auto-Lock & Remote Wipe

Automatic screen lock; remote wipe capability if a device is lost or stolen.

✓

Dedicated Work Devices

Client work performed only on secured, managed devices.

✓

Encrypted PHI Storage

Enterprise-level data storage with Firestore, Firebase, FormHippo, MailHippo, Fax.Plus, and Google Workspace — all with BAAs signed between us and our tech vendors.

Your Side of the Connection

While Precision Pediatric Operations uses encrypted, secure, HIPAA-compliant technology to receive and store your information, we can’t guarantee the security of your internet connection or device.

Before sending any emails or submitting any forms, please ensure:

You’re using a private, secure internet connection (not public Wi-Fi)
You’re on a personal or trusted device
Your browser address bar shows “https://” confirming an encrypted connection

By sending emails or submitting forms, you acknowledge that you are responsible for the security of your own internet connection and device at the time of submission.

For questions or to submit information by alternative means, contact us at robert@precisionpediatricops.com or (540) 223-4565.

Our Promise

Your Data. Your Portals. Always.

We are fully credentialed on all major payer portals and work through delegate access on your accounts. Every authorization, every submission, every approval lives on your systems — not ours. If you ever part ways with PPO, 100% of your work stays with you. We never hold your data hostage or charge exit fees.

Questions About Our Security Posture?

Practices and partners are welcome to request our full security and compliance documentation during onboarding.