HIPAA COMPLIANCE
Date: 8 Jan 2026
Company Name: RxFiler
Business Type: 340B Third-Party Administrator (TPA)
1. Introduction
RxFiler (hereinafter referred to as “The Company”) is a Third-Party Administrator (TPA) dedicated to facilitating 340B claims management and ESP™ submission services. We are committed to maintaining the highest standards of data integrity and are fully compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
2. Business Associate Status
The Company operates as a “Business Associate” to TPAs, Covered Entities, and Contract Pharmacies. We acknowledge our legal obligation to protect the privacy and security of all Protected Health Information (PHI) entrusted to us, in accordance with the HIPAA Privacy Rule and Security Rule.
We are prepared to execute a Business Associate Agreement (BAA) with all clients prior to the transmission of any data.
3. Technical Safeguards
To ensure the confidentiality, integrity, and availability of Electronic Protected Health Information (ePHI), the Company employs the following technical safeguards:
- Encryption in Transit: All data transmitted between the Covered Entity, The Company, and external platforms (such as 340B ESP™) is protected using Secure Sockets Layer (SSL) and Transport Layer Security (TLS) 1.2+ protocols.
- Encryption at Rest: All sensitive data stored within our databases is encrypted using industry-standard AES-256 encryption.
- Access Control: Access to ePHI is restricted to authorized personnel based on the principle of least privilege. Unique user IDs and complex passwords are required for all system access.
- Audit Trails: Our platform maintains detailed logs of all user activities, data submissions, and file transfers to facilitate security audits and monitoring.
4. 340B Program Integrity
The Company’s platform is designed to support 340B program compliance, including but not limited to:
- Identification and prevention of duplicate discounts (Medicaid/340B).
- Validation of NDCs and dispensing data before submission.
- Secure submission of claims data to the Second Sight Solutions (340B ESP™) platform.
5. Physical & Administrative Safeguards
- Workforce Training: All employees and contractors undergo mandatory HIPAA training upon hire and annually thereafter.
- Incident Response: The Company maintains a formal incident response plan to address any potential security breaches or unauthorized disclosures of PHI.
- Vendor Management: We ensure that any subcontractors with access to PHI also adhere to strict HIPAA compliance standards.