HIPAA Compliance & Data Security Statement

At CredX, we are committed to maintaining the privacy, confidentiality, integrity, and security of healthcare-related information handled through our credentialing, contracting, provider onboarding, enrollment tracking, and revenue cycle support platform.

CredX follows industry-standard administrative, technical, and physical safeguards designed to support compliance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable healthcare data protection regulations.

CredX implements security measures designed to protect sensitive healthcare and provider information from unauthorized access, disclosure, alteration, or destruction.

Our safeguards include:

• Encrypted data transmission using SSL/TLS
• Secure cloud infrastructure and hosting environments
• Role-based access controls and user authentication
• Multi-factor authentication (MFA) where applicable
• Audit logs and activity monitoring
• Secure document storage and transfer
• Data backup and disaster recovery procedures
• Workforce confidentiality and HIPAA awareness training
• Restricted internal access to sensitive information

CredX is willing to execute a Business Associate Agreement (BAA) with covered entities and healthcare organizations when required under HIPAA regulations.

Clients requiring a signed BAA may contact our compliance team directly.

CredX may utilize workflow automation, machine learning, and AI-assisted technologies to improve credentialing efficiency, provider onboarding visibility, enrollment tracking, and operational workflows.

Any use of healthcare-related data within our systems is managed under strict confidentiality and security controls.

CredX does not sell protected health information (PHI) or confidential healthcare data.

CredX works with secure infrastructure and technology vendors that maintain recognized security and compliance standards.

Where applicable, appropriate agreements and data protection obligations are maintained with third-party service providers.

CredX maintains internal procedures for identifying, investigating, responding to, and mitigating potential security incidents.

In the event of a confirmed data breach involving protected information, CredX will follow applicable breach notification requirements under HIPAA and other relevant laws.

Clients using CredX services are responsible for:

• Maintaining secure login credentials
• Restricting unauthorized account access
• Providing accurate and lawful information
• Following their own internal HIPAA compliance obligations
• Not transmitting unnecessary PHI outside approved workflows

While CredX implements security and privacy safeguards designed to support HIPAA compliance, no electronic system can guarantee absolute security.

HIPAA compliance is a shared responsibility between CredX and its clients based on how the platform and related services are used.

By using the CredX platform, website, or related services, users acknowledge and agree to the data handling and security practices described in this statement.

For HIPAA, security, privacy, or compliance-related inquiries, please contact:

CredX Compliance Team