Red Fox Medical Courier operates as a HIPAA Business Associate for every healthcare client we serve. Our end-to-end compliance program covers Business Associate Agreements, driver training, chain-of-custody documentation, and incident response — so your facility stays protected and audit-ready.

Business Associate Agreement (BAA)

We execute a signed BAA with every healthcare partner before the first pickup. Our BAA covers permissible uses and disclosures of Protected Health Information (PHI), breach notification obligations under 45 CFR §164.410, and subcontractor obligations. We maintain executed BAAs on file for a minimum of six years per 45 CFR §164.530(j).

• Customizable BAA available upon request
• Counter-signed within 1 business day
• Reviewed annually by legal counsel

Driver HIPAA Training Program

Every Red Fox driver completes a structured HIPAA training program before handling any healthcare shipment. Training is renewed annually and documented in our personnel records.

• Initial training covers PHI recognition, minimum necessary standard, and permissible disclosures
• Practical training on tamper-evident packaging, temperature logs, and chain-of-custody forms
• Annual recertification with attestation on file
• Background checks conducted on all drivers

Chain-of-Custody Procedures

Every pickup and delivery is documented with a full chain-of-custody record. Our drivers capture electronic proof of pickup, condition photos, and delivery signature — creating an auditable trail from origin to destination.

• Timestamped pickup confirmation with driver ID
• Condition documentation at pickup and delivery
• Electronic signature capture at delivery
• Records retained for 6 years; available on request within 48 hours
• Temperature logs for cold-chain shipments (2–8°C and frozen)

Incident Response & Breach Notification

In the unlikely event of a breach or loss, Red Fox follows a documented incident response protocol aligned with the HIPAA Breach Notification Rule (45 CFR §§164.400–414). We notify the covered entity within 24 hours of discovery — well ahead of the 60-day regulatory requirement.

• Immediate incident isolation and documentation
• Written notification to your Privacy Officer within 24 hours
• Root cause analysis and corrective action report within 10 business days
• Coordination with your legal team for any required HHS reporting

Certifications & Insurance

Red Fox maintains comprehensive coverage appropriate for medical courier operations. Certificates of Insurance are available on request for vendor credentialing packets.

• Commercial General Liability: $2,000,000 per occurrence
• Commercial Auto: $1,000,000 per occurrence
• Workers Compensation: statutory limits
• HIPAA compliance attestation available upon request
• Credentialing documentation available for hospital vendor portals

Request Our Full Compliance Documentation

Need our COI, BAA template, or HIPAA attestation for a vendor credentialing packet? Call us at 1-813-489-5888 or email info@redfoxmedicalcourier.com and we will send the full compliance package within 1 business day.