HIPAA Compliance
Business Associate Agreement.
If you are a HIPAA-covered entity (a healthcare provider, health plan, or healthcare clearinghouse) and you intend to share Protected Health Information with Rx OmniMedLink as part of your operations, we are ready to execute a Business Associate Agreement.
What is a BAA?
Under the HIPAA Privacy Rule, covered entities must enter into a written agreement with any business associate that creates, receives, maintains, or transmits Protected Health Information (PHI) on their behalf. The BAA establishes the permitted and required uses of PHI and the safeguards the business associate will implement.
Our Standard BAA.
Rx OmniMedLink offers a standard BAA that covers the substantive requirements of 45 CFR §164.504(e). Our BAA addresses:
- Permitted uses and disclosures of PHI by Rx OmniMedLink
- Safeguards we implement to protect PHI, including AES-256 encryption at rest and TLS 1.3 in transit
- Subcontractor management, ensuring all subcontractors with PHI access are also bound by BAAs
- Breach notification procedures, including the timeline for notifying you of any breach
- Access rights for individuals to their PHI
- Audit and accounting of disclosures
- Return or destruction of PHI upon termination
- Indemnification for breaches caused by Rx OmniMedLink
How to Request a BAA.
To execute a BAA with Rx OmniMedLink, please send the following to our legal team:
- Your organization's legal name and address
- Type of covered entity (provider, health plan, clearinghouse)
- Brief description of the services for which PHI will be exchanged
- Estimated volume of PHI transactions
- Designated HIPAA Privacy Officer contact information
Registered Office for Notices
Kelshad Cyber Systems And Technologies LLC
7901 4th St N, STE 300
St. Petersburg, FL 33702
United States
For formal BAA notices, breach notifications, and legal correspondence under the executed agreement.
Response Timeline.
- Initial response: Within 2 business days of your request
- Standard BAA delivery: Within 5 business days
- Custom BAA review: If you require modifications to our standard agreement, our legal team will review within 10 business days
- Execution: Both parties sign electronically through DocuSign or similar; effective immediately upon mutual signature
Our Certifications.
In addition to the BAA, you may request the following compliance documentation:
- HIPAA Security Rule risk assessment summary
- SOC 2 Type II report, available Q4 2026
- Subprocessor list and their BAAs
- Incident response and breach notification plan
- Encryption and key management documentation
Note: Patient accounts on Rx OmniMedLink do not require a BAA. The BAA applies only to organizations acting as covered entities under HIPAA. If you are a patient seeking access to your own health information, no BAA is needed; simply sign in or sign up.