Compliance & Ethics

PHI Protected · Live

HIPAA Compliant

All billing, administrative functions, scheduling, calls, and records management are handled fully in-house on secure, federally certified systems. Your information never leaves our protected environment.

  • 256-Bit Encryption
  • 100% In-House
  • 24/7 Monitoring
  • ONC · HITRUST

Covered Entity under HIPAA

Massage Healthcare of America Inc. is designated as a Covered Entity under HIPAA because we electronically transmit Protected Health Information (PHI) to insurance carriers for claims related to medically necessary therapeutic massage services, like lymphedema treatments and MSK care. This elevates our practice far beyond typical spa confidentiality, aligning us with professional healthcare providers through stringent federal privacy and security standards.

Unmatched Data Protection

We prioritize your personal and health information with a highly advanced, cloud-based EHR platform certified to the highest federal standards, including ONC Health IT and HITRUST validations. The platform fortifies PHI with ironclad safeguards like automatic data trace erasure after AI-generated notes and continuous security updates against cyber threats. No system is fully immune to sophisticated external hacks, but our proprietary technology — one of the nation's most sophisticated and widely adopted — invests heavily in cutting-edge protocols to deliver the strongest possible defense while enabling limitless secure storage.

Professional HIPAA Commitment

When handling PHI for insurance billing or auto accident cases, we require patient consent via signed HIPAA authorization forms before sharing specifics with carriers or attorneys, ensuring only authorized data flows for legitimate purposes like payment.

Patient-Centric Assurance

This elite setup lets us focus purely on your outcomes, from manual lymphatic drainage to insurance-covered therapies, demonstrating our professionalism as a true healthcare partner. Your PHI stays locked down, accessible only as you permit — far exceeding spa norms.

The Seven Pillars

Documented, audited, enforced.

01 — Written Policies & Procedures

Massage Healthcare of America Inc. maintains a comprehensive HIPAA Policies and Procedures manual that governs the handling, storage, and disposal of all Protected Health Information (PHI). Our protocols are updated annually to remain in alignment with the latest federal healthcare regulations.

02 — Annual Risk Assessment (SRA)

We conduct a rigorous annual Security Risk Assessment using the HHS-approved SRA Tool. This proactive measure ensures that our administrative, physical, and technical safeguards remain bulletproof as we expand our clinical footprint across the nation.

03 — Business Associate Agreement (BAA)

To ensure a closed loop of security, MHA Inc. maintains signed Business Associate Agreements (BAAs) with all third-party vendors, including our HITRUST-certified EHR provider. This legally ensures that your data is protected at every touchpoint, from our clinic to the cloud.

04 — Staff Training Logs

Every member of our clinical team — including our Registered Nurses, Kinesiologists, and Licensed Massage Therapists — undergoes mandatory annual HIPAA and Medical Compliance training. We maintain strict documentation of these certifications to ensure the highest standard of patient privacy.

05 — Privacy & Security Officer

MHA Inc. has a designated Privacy and Security Officer responsible for the implementation of our compliance program and the protection of patient rights. For privacy-related inquiries, patients may contact our compliance department directly.

06 — Notice of Privacy Practices (NPP)

Our Notice of Privacy Practices (NPP) describes how medical information about you may be used and disclosed and how you can get access to this information. You will be provided a copy of this notice at your first appointment, and it is available upon request at any time.

07 — Breach Notification Plan

In the unlikely event of a data compromise, MHA Inc. maintains a strict Breach Notification Procedure. We are committed to notifying affected individuals and the Department of Health and Human Services (HHS) within the legally mandated timeframes, ensuring total transparency and corrective action.

Patient-Facing Statement

As a HIPAA Covered Entity billing insurance for your medically necessary care, Massage Healthcare of America Inc. safeguards your PHI with an award-winning, federally certified EHR platform featuring AI-driven notes, instant data erasure, and unbreakable security updates. Your portal ensures full control, so we deliver expert therapy without distraction.

Notice of Privacy Practices

How your information is used and protected.

Effective Date: May 6, 2026

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Your Rights

You have the right to request a copy of your medical records, ask us to correct your health record, and request confidential communications.

Our Uses and Disclosures

We typically use or share your health information to treat you (via physician referrals), run our organization (billing and claims), and bill for your services through our in-network partnerships with major payers like Aetna, Cigna, and United Healthcare.

Our Responsibilities

We are required by law to maintain the privacy and security of your protected health information (PHI) and to notify you promptly if a breach occurs that may have compromised the privacy or security of your information.

Patients may request a paper copy of this notice at any time during their visit.

A Unique Healthcare Infrastructure

A first-of-its-kind corporate medical model.

NPI-Independent Structure

MHA operates under its own corporate healthcare structure rather than being tied to the group NPI of a third-party physician group. This allows us to accept referrals from any licensed healthcare professional or provider nationwide, offering unparalleled accessibility for patients.

Credentialed Clinical Team

We do not hire general LMTs for clinical roles. Our staff consists of Registered Nurses and Kinesiologists who are also licensed in massage therapy and have undergone proprietary training in our In-House Academy.

Specialized Medical Care

We focus on medically necessary interventions, specifically Manual Lymphatic Drainage (MLD) and Decongestive Therapy for Lymphedema, as well as workers' compensation and sports recovery.

HIPAA-Compliant Technology

All clinical documentation is managed via an ONC and HITRUST-certified Electronic Health Record (EHR) system, ensuring your medical history is handled with the highest level of encryption and security available in modern medicine.

Phone & SMS Privacy

Data sharing & messaging terms.

Data Sharing

  • Customer data is not shared with 3rd parties for promotional or marketing purposes.
  • Mobile opt-in and consent are never shared with anyone for any purpose. Any information sharing that may be mentioned elsewhere in this policy excludes mobile opt-in data.

Massage Healthcare of America Inc. — Messaging Terms & Conditions

  1. The messaging program consists of appointment reminders, scheduling confirmations, care coordination, and administrative updates related to your treatment.
  2. You can cancel the SMS service at any time. Just text 'STOP' to the phone number from which you received messages. After you send the SMS message 'STOP' to us, we will send you an SMS message to confirm that you have been unsubscribed. After this, you will no longer receive SMS messages from us. If you want to join again, just sign up as you did the first time and we will start sending SMS messages to you again.
  3. If you are experiencing issues with the messaging program, you can reply with the keyword HELP for more assistance, or you can get help directly at az@mha702.com.
  4. Carriers are not liable for delayed or undelivered messages.
  5. As always, message and data rates may apply for any messages sent to you from us and to us from you. Message frequency will vary based on communication needs. If you have any questions about your text plan or data plan, it is best to contact your wireless provider.
  6. If you have any questions regarding privacy, please read our privacy policy contained in the rest of this document/page.

Contact Our Compliance Office

Privacy & Security Officer

For questions regarding our privacy practices or our corporate structure, please contact our Privacy & Security Officer at Massage Healthcare of America Inc.

Fax (Medical Reports)

(775) 205-2105