Back to Home

HIPAA Compliance Notice

Last Updated: January 27, 2026

Mohenara RCM ("Mohenara," "we," "us," "our") is committed to protecting the privacy and security of health information.

This page describes our HIPAA posture as a service provider. It is not a Notice of Privacy Practices for patients. Under HIPAA, covered entities (such as healthcare providers and health plans) provide a Notice of Privacy Practices to individuals, and business associates are not required to create their own Notice of Privacy Practices. If you are a patient, please contact your healthcare provider for its Notice of Privacy Practices and for questions about your records.

1. Our Role Under HIPAA

When we perform denial management and related revenue cycle services for a HIPAA-covered healthcare provider or similar client, we may act as a "business associate" under HIPAA.

Our handling of Protected Health Information ("PHI") is governed by our contract with the covered entity, including a Business Associate Agreement ("BAA") as required.

BAA Availability: We can provide and sign a BAA with contracted covered entity clients.

2. PHI and Our Website

We do not request PHI through the public website contact form.

DO NOT submit patient names, dates of birth, member IDs, medical record numbers, diagnoses, or any other PHI through this website, web forms, or non-secure email. If PHI is required to start services, we will provide a secure method and access controls.

3. Safeguards We Use

HIPAA requires regulated entities (covered entities and business associates) to implement administrative, physical, and technical safeguards for electronic PHI. We maintain safeguards designed to protect PHI, which may include:

Administrative Safeguards

  • Workforce training on handling sensitive information
  • Access provisioning and least-privilege access management
  • Written security policies and incident response procedures
  • Vendor management, including appropriate agreements where PHI is involved

Technical Safeguards

  • Unique user access controls and authentication
  • Audit logging/monitoring where available in client systems
  • Encryption in transit and (where applicable) encryption at rest
  • Secure password management and multi-factor authentication (MFA)

Physical Safeguards

  • Device security controls and secure work environment procedures (as applicable)

4. Permitted Uses and Disclosures

We use and disclose PHI only as permitted by our BAA and applicable law, including to:

  • Perform services for the covered entity client
  • Support quality assurance, security, and operations as allowed by contract
  • Comply with legal requirements

5. Breach Notification

If a breach of unsecured PHI occurs at or by Mohenara, HIPAA requires business associates to notify the covered entity. We maintain an incident response process and will notify covered entity clients consistent with HIPAA requirements and our BAA.

6. Questions or Complaints

If you are a patient: Contact your healthcare provider or health plan's HIPAA Privacy Official.

If you are a covered entity client or prospective client and have questions about our HIPAA practices or need a BAA:

Email: compliance@mohenara.com

Mailing Address:
MOHENARA LLC
30 N Gould St #50941
Sheridan, WY 82801