Compliance & Legal

1. Business Associate Operations: Medpool operates strictly as a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HITECH Act. We mandate a fully executed Business Associate Agreement (BAA) prior to the receipt, transmission, or processing of any Protected Health Information (PHI).

2. Data Safeguards & Infrastructure: All PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256). Our infrastructure enforces the "Minimum Necessary" standard, strict role-based access controls (RBAC), and maintains comprehensive, immutable audit logs of all system interactions involving health data.

3. Incident Response: In the event of a security incident or breach of unsecured PHI, Medpool maintains protocols to notify the Covered Entity without unreasonable delay, strictly adhering to the timeframes mandated by HIPAA and applicable state breach notification laws.

1. Information Collection: We collect standard business contact information and usage metrics via this website to improve our services. Note: PHI submitted for clinical review is governed entirely by your organization's BAA and is strictly excluded from standard website data processing and analytics.

2. Data Usage & Sharing: Medpool does not sell, rent, or trade personal or professional information. Website data is used strictly for operational improvements. Client data and records are accessed only by authorized clinical and technical personnel required to execute the contracted services.

3. State-Specific Rights: Depending on your jurisdiction (including Texas, Florida, Hawaii, and California), you may have statutory rights to request access, correction, deletion, or restriction of your personal data. All privacy inquiries and requests should be directed to our compliance team.

1. Scope of Service: Medpool provides medical-legal consulting, document analysis, and expert clinical matchmaking. We do not practice medicine, provide clinical diagnoses, or establish doctor-patient relationships. All reviews, chronologies, and opinions are strictly for legal, analytical, or training purposes.

2. Jurisdictional Licensing Requirements: Services requiring active medical or nursing licenses in specific states or venues (e.g., TX, FL, HI) are sourced upon explicit client request and generally incur an administrative upcharge. The retaining client is solely responsible for verifying that the provided expert meets the specific statutory and evidentiary requirements of their venue.

3. Limitation of Liability: Medpool’s analyses, chronologies, and expert opinions are based exclusively on the records and materials provided by the client. We assume no liability for errors, omissions, or strategic outcomes resulting from incomplete, redacted, withheld, or altered records provided to our personnel.