Compliance Statement

Last Updated: 01-Nov-2024

1. Commitment to Compliance

Experts InfoTech (Pvt) Ltd is dedicated to maintaining the highest standards of regulatory compliance for our xMed EMR platform. We understand the importance of protecting sensitive healthcare information and adhere to strict legal and ethical guidelines.

2. Data Protection Regulations

We comply with global and regional data protection laws to ensure patient data is handled with integrity and confidentiality.

• HIPAA Compliance: We comply with the Health Insurance Portability and Accountability Act (HIPAA) requirements for handling Protected Health Information (PHI) in the United States.
• GDPR Compliance: We adhere to the General Data Protection Regulation (GDPR) principles regarding data processing, consent, and privacy rights for users in the European Union.
• Local Regulations: We monitor and comply with specific data residency and healthcare laws in the regions where our customers operate.

3. Business Associate Agreements (BAA)

For customers subject to HIPAA, Experts InfoTech (Pvt) Ltd acts as a Business Associate. We sign a Business Associate Agreement (BAA) with covered entities. This legal contract outlines our responsibilities regarding the creation, receipt, maintenance, and transmission of protected health information.

To request a BAA, please contact our compliance team.

4. Security Certifications

We align our security practices with internationally recognized standards to ensure a robust defense against data breaches.

• ISO 27001: We implement an Information Security Management System (ISMS) based on ISO 27001 standards to manage information security risks.
• SOC 2: We undergo regular audits based on the AICPA Trust Services Criteria regarding security, availability, and processing integrity.

5. Customer Responsibilities

Compliance is a shared responsibility. While we secure the infrastructure, customers (Covered Entities) must ensure:

• Data entered into the system is accurate and obtained with proper patient consent.
• Access to the xMed EMR system is restricted only to authorized workforce members.
• Any breach of PHI discovered by the customer is reported to us and relevant authorities in accordance with the law.

6. Changes in Regulatory Landscape

We continuously monitor changes in healthcare laws and technology standards. If a new regulation impacts our service, we will update our policies, features, and security measures to maintain compliance and notify our customers of any required actions.

7. Contact Us

If you have questions regarding our compliance status, require a copy of our certifications, or need to request a BAA, please contact us:

• Company: Experts InfoTech (Pvt) Ltd
• Email: info@xmed.pk
• Website: https://xmed.pk
• Address: P-19, Block-E, Millat Town, Faisalabad.