Compliance Statement
At Evrard Medclaims, safeguarding Protected Health Information (PHI) is a foundational part of our medical billing and Revenue Cycle Management (RCM) operations.
We follow all requirements under the Health Insurance Portability and Accountability Act (HIPAA) to ensure complete privacy, security, and integrity of all patient information entrusted to us.
Our Commitment to HIPAA Compliance
Evrard Medclaims maintains strict administrative, physical, and technical safeguards to protect PHI from unauthorized access, disclosure, alteration, or destruction.
We ensure that all data shared with us—for claims processing, billing, insurance verification, credentialing, or A/R management—is handled with the highest level of security and confidentiality.
Our compliance applies to:
- Healthcare providers (Covered Entities)
- Business Associates
- Any third-party vendors who support required billing functions
Protecting Patient Privacy, Security & Confidentiality
Administrative Safeguards
We implement policies and procedures designed to manage the selection, development, and implementation of security measures that protect PHI.
Our administrative safeguards include:
✔ Staff HIPAA training and annual compliance certification
✔ Role-based access to sensitive information
✔ Internal auditing and monitoring
✔ Clear policies for PHI usage, transmission, and storage
✔ Incident response procedures for potential breaches
✔ Signed Business Associate Agreements (BAAs) with all partners
Technical Safeguards
We utilize secure technology systems to protect PHI during electronic transmission, storage, and processing.
Technical safeguards include:
✔ Fully encrypted data transmission (SSL/TLS)
✔ Encrypted email communication for PHI
✔ Secure EHR/EPM system integrations
✔ Multi-factor authentication for system access
✔ IP-based access restrictions when applicable
✔ Audit logs to track data access and activity
✔ Regular system vulnerability checks and updates
Physical Safeguards
Our physical security measures ensure that PHI stored or accessed within our offices or systems remains safe.
Physical safeguards include:
✔ Secure office workspace
✔ Controlled access to computer systems
✔ Password-protected devices
✔ No local storage of PHI on personal devices
✔ Secure data centers through HIPAA-compliant partners
✔ Document shredding and secure disposal procedures
Use & Disclosure of PHI
We only use and disclose PHI for approved purposes related to:
- Medical billing
- Claims submission
- Payment posting
- Denial management
- Insurance follow-up
- Credentialing
- Healthcare operations as permitted by HIPAA
We never sell, share, or disclose PHI for marketing, non-operational, or unrelated purposes.
Business Associate Agreement (BAA)
Evrard MedClaims provides a Business Associate Agreement to all partnered healthcare providers.
This agreement outlines responsibilities for protecting PHI and ensuring ongoing compliance.
A signed BAA is required before processing any patient information.
Data Security & Breach Notification
In the unlikely event of a data breach affecting PHI:
- We follow HIPAA’s Breach Notification Rule
- Affected parties are notified promptly
- Immediate corrective actions are implemented
- Incident reports and remediation processes are documented
We proactively monitor systems to prevent unauthorized access and suspicious activity.
Patient Rights & Provider Responsibilities
As a Business Associate, we support healthcare providers in fulfilling patient rights under HIPAA, including:
- The right to access their records
- The right to request corrections
- The right to confidentiality
- The right to request restrictions
We never respond to patient requests directly; instead, we work through the provider to ensure compliance.
Data Retention & Secure Disposal
We retain PHI only for the period necessary to fulfill billing and legal requirements.
After that period, data is securely deleted using HIPAA-approved destruction methods.
Ongoing Compliance & Training
Our staff undergoes regular training and quarterly updates on:
- HIPAA Privacy and Security Rules
- PHI handling procedures
- Compliance best practices
- Changes to federal or state regulations
This ensures continuous alignment with strict industry standards.
Contact Us About HIPAA Compliance
For questions about our HIPAA practices or to request our Business Associate Agreement, contact: