HIPAA Compliance Statement

Last updated: 5/18/2026

1. Commitment to Privacy and Security

At BACTEC, we understand the critical importance of protecting patient information. We are fully committed to complying with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

2. Business Associate Agreements (BAA)

As a technology provider to healthcare organizations, BACTEC operates as a Business Associate under HIPAA regulations. We execute comprehensive Business Associate Agreements (BAAs) with our covered entity clients before receiving, creating, maintaining, or transmitting any Protected Health Information (PHI).

3. Security Rule Compliance

We implement stringent physical, administrative, and technical safeguards to ensure the confidentiality, integrity, and availability of all electronic PHI (ePHI). Our security measures include, but are not limited to:

  • Encryption: All ePHI is encrypted both in transit and at rest using industry-standard cryptographic protocols.
  • Access Controls: We enforce strict role-based access controls and the principle of least privilege. Access to systems containing ePHI requires multi-factor authentication (MFA).
  • Audit Logging: Comprehensive audit logs track all system activity, user logins, and data access patterns.
  • Vulnerability Management: We perform regular vulnerability scanning and penetration testing of our infrastructure and applications.

4. Administrative Safeguards

Our compliance program goes beyond technical controls. We maintain robust administrative processes, including:

  • Mandatory annual HIPAA and security awareness training for all employees and contractors.
  • Designated Security and Privacy Officers responsible for overseeing our compliance program.
  • Formal incident response plans and procedures.
  • Thorough background checks for personnel with potential access to sensitive systems.

5. Incident Reporting

In the event of a security incident or potential breach of unsecured PHI, BACTEC maintains strict procedures for prompt detection, mitigation, and notification to our covered entity clients in accordance with the HIPAA Breach Notification Rule.

6. Inquiries

If you have specific questions about our security practices or compliance program, or wish to review our Business Associate Agreement, please contact our compliance team.