Vitalae protects the confidentiality of information it receives by adhering to the requirements of the HIPAA Privacy Rule and the HIPAA Security Rule.  The Privacy Rule governs the acquisition, storage, transfer and retention of Protected Health Information, in both electronic and paper formats.  The Security Rule covers all information acquired, maintained or transferred electronically.


Vitalae follows the policies and practices it has documented in its HIPAA Privacy Manual, and in its HIPAA Security Compliance Plan.  These documents cover areas such as:


  • Definitions of Protected Health Information

  • Privacy Officer duties and responsibilities

  • Requests for Accounting of Disclosures of PHI

  • Physical security of electronic equipment used to acquire and store PHI

  • Technical safeguards to prevent unauthorized access to PHI

  • Training and awareness for staff members who have access to PHI


Vitalae provides training to all new staff members on their responsibilities to maintain the confidentiality of information they have access to as part of their duties.  In addition, Vitalae:


  • Continuously monitors the security of its electronic resources to minimize the possibility of a breach of security

  • Conducts an annual evaluation of its compliance with its Privacy and Security policies and practices

  • Updates its policies and practices continuously as requirements or environments change

  • Provides annual refresher training to staff members on confidentiality, privacy and security.

  • Has completed a HIPAA Risk Assessment, provided by a qualified third party


Contact Us

t. 800-394-WELL (9355)

f. 949-521-6599

Privacy & Security