LRx Healthcare operates a healthcare billing and revenue cycle management business. The information our clients trust us with — including Protected Health Information (PHI) — deserves disciplined protection. This Security Statement summarizes how we approach security across people, processes, and technology.
Compliance Alignment
- HIPAA: Privacy Rule, Security Rule, and Breach Notification Rule policies and procedures.
- SOC 2 & SOC 3: Aligned to Trust Services Criteria for security, availability, and confidentiality.
- BAAs: Signed Business Associate Agreements before any PHI exchange.
- POSH: Workforce-protection policies and ongoing training.
Technical Controls
- TLS 1.2 and TLS 1.3 required for data in transit.
- Encryption at rest for sensitive data stores.
- Multi-factor authentication for all workforce access to systems handling PHI.
- Role-based access controls with least-privilege principles.
- Centralized audit logging and monitoring.
- Endpoint hardening, anti-malware, and patch management.
Infrastructure
- U.S.-based data centers and infrastructure.
- Vendor due diligence and contractual security requirements.
- Backup and recovery practices aligned to business continuity objectives.
- Change management and configuration baselines.
People & Governance
- Background-checked workforce.
- Security and HIPAA training at onboarding and at least annually thereafter.
- Documented policies, including incident response and risk management.
- Designated Security and Privacy officers.
Incident Response
We maintain documented incident response procedures with defined roles, escalation paths, communication protocols, and post-incident review. Clients are notified of any incident impacting their data in accordance with contractual and regulatory obligations.
Reporting a Concern
To report a suspected vulnerability or security concern, contact info@lrxhealthcare.com. We acknowledge all submissions and investigate promptly.