Legal

HIPAA Statement

Last updated: June 2026

AI iT MSP ("Ai iT MSP") provides managed IT and cybersecurity services to healthcare organizations and their partners. This statement describes how we secure protected health information (PHI) and support our clients in meeting their obligations under the Health Insurance Portability and Accountability Act (HIPAA) and the HITECH Act.

Securing Protected Health Information

When our services involve access to electronic protected health information (ePHI), we treat that information with the care its sensitivity demands. We apply layered controls designed to protect the confidentiality, integrity, and availability of PHI throughout the environments we manage and monitor on our clients' behalf.

Business Associate Agreements

Where we act as a business associate, we are willing to enter into a Business Associate Agreement (BAA) with the covered entity or upstream business associate, as required by HIPAA, before handling ePHI on their behalf. The BAA defines each party's responsibilities for safeguarding PHI.

Safeguards Under the HIPAA Security Rule

We help implement and operate administrative, physical, and technical safeguards aligned with the HIPAA Security Rule, including:

  • Administrative safeguards: risk analysis, security policies, access management, and workforce procedures.
  • Physical safeguards: controls over the facilities, devices, and workstations used to access ePHI.
  • Technical safeguards: access controls, encryption where appropriate, audit logging, and integrity and transmission protections.

Breach Notification Support

We maintain incident response practices and 24/7 monitoring that help detect and contain security events. In the event of a suspected breach involving PHI, we support our clients in meeting their breach notification obligations under HIPAA and the HITECH Act, including timely investigation, documentation, and coordination as defined in the applicable BAA.

Shared Responsibility

HIPAA compliance is a shared responsibility. While we provide the safeguards, monitoring, and guidance described above, each healthcare organization remains responsible for its own compliance program, policies, and workforce practices. Please do not submit PHI through our public website forms or general email, as these channels are not intended for the transmission of patient data.

Contact Us

Questions about our HIPAA practices may be directed to Ai iT MSP at webalerts@aiitmsp.com.