Security & HIPAA Compliance

Micar21 is a HIPAA compliant service. This means we meet or exceed all federal requirements for protecting personal health information (PHI) of patients under the Health Insurance Portability Accountability Act of 1996 (HIPAA).

We do this using technology and secure business policies and procedures. The technology we employ encrypts and stores all PHI securely while still allowing for the consulting doctor to access critical information easily and quickly. Our business practice is to only collect the information we need at the time we need it. We do not collect or store PHI until after a patient decides to open a case and we carefully segregate PHI from general user information and data.

We exceed security and privacy settings set by the HHS for a Health Information Exchange. All communication is transmitted over secure encrypted channels (higher level of encryption than commercial banks). We incorporate a strict security policy into our product; for example, we don't send PHI over email, rather directing patients and doctors to our secure messaging service.

Our data is secured offsite at an undisclosed data facility used by HIPAA covered entities. Physical access is restricted and logged; facility staff does not have access to our data. In addition, all sensitive information is encrypted, each patient is assigned a random user ID to prevent identification, and our data structure separates PHI from user IDs. All our data is backed up regularly to a separate offsite location used by HIPAA covered entities.