HIPAA Compliance Statement

Last Updated: January 20, 2026

1. Our Commitment to Compliance

Maximum Revenue Recovery Inc. ("MRR") strictly adheres to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). We are committed to protecting the privacy, security, and integrity of Protected Health Information (PHI).

2. Business Associate Agreement (BAA)

As a medical billing service provider, MRR acts as a Business Associate to our healthcare provider clients ("Covered Entities"). We execute a comprehensive Business Associate Agreement (BAA) with every client prior to accessing any PHI. This BAA outlines our responsibilities and safeguards regarding PHI.

3. Administrative Safeguards

  • Security Officer: We have a designated Security Officer responsible for developing and implementing security policies.
  • Workforce Training: All MRR employees undergo mandatory annual HIPAA training and adhere to strict confidentiality agreements.
  • Access Management: Access to PHI is granted only to authorized personnel on a "need-to-know" basis.

4. Physical Safeguards

  • Facility Access Controls: Our facilities are secured with restricted access to prevent unauthorized physical entry.
  • Workstation Use: We strictly monitor workstation use and implement screen locks and session timeouts.
  • Device Security: All devices used to access client data are encrypted and managed centrally.

5. Technical Safeguards

  • Encryption: All PHI is encrypted in transit (using TLS 1.2 or higher) and at rest (using AES-256 encryption standards).
  • Audit Controls: We maintain detailed audit logs of all system activity to track who accesses PHI and when.
  • Integrity Controls: We implement measures to protect PHI from improper alteration or destruction.
  • Authentication: We enforce strong password policies and Multi-Factor Authentication (MFA) for all system access.

6. Breach Notification

In the unlikely event of a data breach involving unsecured PHI, MRR will notify the affected Covered Entity without unreasonable delay and in accordance with the timelines mandated by HIPAA and the HITECH Act (typically within 60 days of discovery).

7. Contact Us

If you have questions regarding our HIPAA compliance program, please contact our Security Officer at:

MRR Billing Security Officer
West Palm Beach, FL
561-287-7353
security@mrrbilling.com