HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. See below for our compliance with HIPAA standards. There are mandatory standards for HIPAA compliance marked by (Required), and voluntary standards marked by (Optional) that FootCountry.com is striving for compliance.

Updated December 21, 2021

Unique User Identification

(Required) Assign a unique name and/or number for identifying and tracking user identity

Automatic Log off

(Optional) Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity


(Required) Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed

Encryption and Decryption

(Required) Implement a mechanism to encrypt and decrypt ePHI.

Integrity Controls

(Optional) Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of


(Optional) Implement a mechanism to encrypt ePHI whenever deemed appropriate

Audit Controls

(Required) Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI

Contingency Operations

(Optional) Establish (and implement as needed) procedures that allow facility access in support of data restoration under the disaster recovery and emergency operations plan in the event of an emergency

Facility Security Plan

(Optional) Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft

Access Control and Validation Procedures

(Optional) Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision


(Required) Implement policies and procedures to address the final disposition of ePHI, and/or the hardware or electronic media on which it is stored.

Media Re-Use

(Required) Implement procedures for removal of ePHI from electronic media before the media are made available for re-use.


(Optional) Maintain a record of the movements of hardware and electronic media and any person responsible therefore.

Data Backup and Storage

(Required) Create a retrievable, exact copy of ePHI, when needed, before movement of equipment.

Emergency Access Procedures

(Required) Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency

Not Applicable