Marula LLC

Administratve Office

HIPAA Compliance Statement

 

Effective Date: September 19, 2025

Entity: Marula LLC, Administrative Office, Pleasant Grove, Utah

Applies To:

All patients, providers, and users of telehealth services administered through Marula Rehab

 

1. Commitment to HIPAA Compliance

  • Marula LLC is a Covered Entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), including its implementing regulations at 45 CFR Parts 160 and 164. We are committed to safeguarding the privacy, integrity, and security of Protected Health Information (PHI) across all digital and administrative operations.

 

2. Privacy Rule Compliance

 

  • We comply with the HIPAA Privacy Rule by:
  • Providing patients with a clearNotice of Privacy Practices
  • Limiting use and disclosure of PHI to treatment, payment, and healthcare operations
  • Obtaining written authorization for non-permitted uses (e.g., marketing, psychotherapy notes)
  • Honoring patient rights to access, amend, and restrict their health information

 

3. Security Rule Compliance

  • Marula LLC maintains administrative, physical, and technical safeguards to protect electronic PHI (ePHI), including:
  • End-to-end encryption using TLS 1.3 for all data transmissions
  • HIPAA-compliant cloud storage hosted within the United States
  • Role-based access controls and multi-factor authentication for staff
  • Routine security audits, penetration testing, and vulnerability scans
  • Secure telehealth platform with session-level encryption and audit logging

 

4. Breach Notification Rule Compliance

  • In the event of a breach involving unsecured PHI, Marula LLC will:
  • Notify affected individuals within 60 calendar days of discovery
  • Report breaches affecting 500+ individuals to the U.S. Department of Health & Human Services (HHS)
  • Maintain documentation of breach investigation and mitigation steps
  • Cooperate fully with OCR investigations and enforcement actions

 

5. Workforce Training & Accountability

  • All Marula LLC staff and affiliated providers undergo annual HIPAA training, including:
  • PHI handling protocols
  • Secure communication standards
  • Incident reporting procedures
  • Role-specific privacy responsibilities
  • Violations of HIPAA policies may result in disciplinary action, termination, or legal referral.

 

6. Business Associate Agreements (BAAs)

  • Marula LLC executes BAAs with all third-party vendors who access PHI, including:
  • Electronic Health Record (EHR) platforms
  • Telehealth software providers
  • Billing and Medicaid enrollment services
  • Secure hosting and data backup vendors
  • Each BAA includes required safeguards, breach protocols, and audit rights.

 

7. Contact for HIPAA Concerns

  • To report a privacy concern or request more information:
  • Email: info@marulallc.com
  • Phone: 1-801-427-5515
  • Address:
  • 2728 N. Canyon Road,
  • Pleasant Grove, Utah 84062

 

  • You may also file a complaint directly with the U.S. Department of Health & Human Services Office for Civil Rights atHHS.gov