HIPAA Compliance Statement
Protecting Patient Privacy and Securing Healthcare Operations
My Commitment to Healthcare Privacy
Oregon Counselor Directory is built on a foundation of trust, prioritizing the security and confidentiality of patient and provider data. While the directory operates as a directory service and is not inherently a direct Covered Entity under HIPAA, I voluntarily adhere to rigorous HIPAA-compliant standards to protect the integrity of the platform and secure any transmission of Protected Health Information (PHI).
Technical Safeguards
- Encryption in Transit: All communications protected by TLS 1.3 encryption
- Encryption at Rest: Sensitive data encrypted using AES-256 standard algorithms
- Access Controls: Role-based access with Bcrypt password hashing
- Audit Logging: System access and modifications tracked for threat identification
Business Associate Agreements
The directory operates on modern cloud infrastructure utilizing vendors who support HIPAA-compliant environments. Where applicable, I establish Business Associate Agreements (BAAs) with third-party vendors to ensure a continuous chain of security and compliance.
Administrative & Physical Safeguards
Access to backend systems is strictly monitored and limited to authorized personnel using multi-factor authentication. Server environments are hosted within ISO 27001-certified and SOC 2 Type II compliant data centers with biometric security and 24/7 environmental controls.
Secure Lead Generation
When patients contact verified Growth or Pro tier providers:
- The directory acts as a secure intermediary and does not permanently store clinical messages (PHI)
- Providers are responsible for ensuring their own HIPAA-compliant systems
- Patients are advised against transmitting highly sensitive data through contact forms
Provider Responsibility
It is the explicit responsibility of individual practitioners and clinics utilizing Oregon Counselor Directory to maintain their own HIPAA compliance regarding the reception, storage, and processing of patient data acquired through this platform.
Reporting & Contact
If you believe there has been a breach of unsecured protected health information or have questions regarding the security protocols, please contact me directly.
support@orcounselors.com